Allow IPSEC traffic thru 871?

Unanswered Question
Oct 29th, 2007
User Badges:

I am using Cisco 871's with Advanced IP Sec IOS for remote offices. I need to allow IPSEC traffic to pass thru the 871 to establish a client IPSEC tunnel. The client VPN software is Nortel's Contivity VPN.


How can I allow IPSEC traffic to pass thru the 871?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Mon, 10/29/2007 - 14:26
User Badges:
  • Green, 3000 points or more

If you are initiating vpn client connectivity from behind the 871 to outside you need to allow through the IPsec ports udp 500, udp 4500 and protocol 50 esp. I don't know Nortel's vpn client but Im sure they follow the Ipsec security standards.


try this on your 871 router.


access-list 101 permit udp any any eq 500 log

access-list 101 permit udp any any eq 4500 log

access-list 101 permit esp any any log



apply acl-101 to your outbound interface

access-group 101 in



HTH

Jorge


Actions

This Discussion