firewall IOS + easy VPN

Unanswered Question
Jan 15th, 2008

I have a Cisco router with firewall IOS and an internet connection. On the outside interface there is an access list that denies anything from outside, and on the inside interface there are inspection rules. I would like to configure Easy VPN client so that users can connect; this configuration causes a problem for a remote user to connect to the internal network.

mohammady Sat, 08/16/2008 - 07:55

I need your help with this issue. What ACLs are needed on the outside interface to enable an Easy VPN connection? Users will be able to connect to the inside network through Easy VPN only. Regards,

dhananjoy chowdhury Sat, 08/16/2008 - 11:23


You should permit UDP 500 and the ESP protocol on the outside interface inbound ACL for EZVPN to work.

Again, if the clients are using NAT-T, then you have to allow UDP 500 and UDP 4500.

If the outside interface is S0/0 and the IP is A.B.C.D, then use this:

access-list 121 permit udp any host A.B.C.D eq 500
access-list 121 permit esp any host A.B.C.D
int S0/0
 ip access-group 121 in

Hope this helps.
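
Added example (not part of the replies above, and not Cisco code): a Python check that evaluates a numbered extended ACL first-match against the flows named in the answer (UDP 500, ESP, and UDP 4500 for NAT-T). The address 192.0.2.1 stands in for A.B.C.D, the sample ACL is constructed, and the function names are hypothetical. It assumes remote clients arrive from arbitrary addresses, so entries with a specific source are skipped, and it handles only `eq` port matches.

```python
import ipaddress

# Flows the answer lists for Easy VPN; NAT-T applies when clients sit behind NAT.
REQUIRED = {"IKE udp/500": ("udp", 500), "ESP": ("esp", None), "NAT-T udp/4500": ("udp", 4500)}
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}  # IOS keywords for these ports

def _addr(tok):
    """Consume 'any', 'host X' or 'X wildcard'; None means any address."""
    if tok[0] == "any":
        return None, tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.ip_address(tok[1])), 0), tok[2:]
    return (int(ipaddress.ip_address(tok[0])), int(ipaddress.ip_address(tok[1]))), tok[2:]

def parse_acl(config, number):
    """Ordered (action, proto, src, dst, port) entries of one numbered extended ACL."""
    entries = []
    for line in config.splitlines():
        t = line.lower().split()
        if len(t) < 6 or t[:2] != ["access-list", str(number)] or t[2] not in ("permit", "deny"):
            continue
        src, rest = _addr(t[4:])
        dst, rest = _addr(rest)
        port = None  # no port qualifier: the entry matches every port
        if rest[:1] == ["eq"]:
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        elif rest and rest[0] != "log":
            raise ValueError("unsupported qualifier: " + line.strip())
        entries.append((t[2], t[3], src, dst, port))
    return entries

def _covers(spec, ip):
    # True when an (address, wildcard) pair, or any, includes ip.
    return spec is None or ((spec[0] ^ ip) & ~spec[1] & 0xFFFFFFFF) == 0

def easy_vpn_gaps(config, number, outside_ip):
    """Required flows the ACL does not permit from arbitrary sources to outside_ip."""
    ip = int(ipaddress.ip_address(outside_ip))
    entries, missing = parse_acl(config, number), []
    for name, (proto, port) in REQUIRED.items():
        # First matching entry decides; the implicit deny applies if none matches.
        verdict = next((a for a, p, src, dst, q in entries if src is None
                        and p in ("ip", proto) and _covers(dst, ip) and q in (None, port)), "deny")
        if verdict != "permit":
            missing.append(name)
    return missing

# Constructed sample: the ACL from the answer, with 192.0.2.1 standing in for A.B.C.D.
SAMPLE = ("access-list 121 permit udp any host 192.0.2.1 eq 500\n"
          "access-list 121 permit esp any host 192.0.2.1\n")
```

Calling `easy_vpn_gaps(SAMPLE, 121, "192.0.2.1")` reports only the NAT-T flow as missing, which is the UDP 4500 case the answer mentions for clients using NAT-T.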

