01-15-2008 03:59 AM - edited 03-11-2019 04:48 AM
I have a Cisco router with firewall IOS and an internet connection. On the outside interface there is an access-list that denies anything from outside, and on the inside interface there are inspection rules. I would like to configure Easy VPN client so that users can connect remotely. Does this configuration cause a problem for a remote user to connect to the internal network?
01-16-2008 08:45 AM
Any suggestions?
08-16-2008 07:55 AM
I need your help with this issue. What are the ACLs needed at the outside interface to enable an Easy VPN connection? Users will be able to connect to the inside network through Easy VPN only. Regards,
08-16-2008 11:23 AM
Hi,
You should permit UDP 500 and ESP protocol on the Outside Interface inbound ACL, for EZVPN to work.
Again, if the clients are using NAT-T, then you have to allow UDP 500 and UDP 4500.
If the Outside interface is S0/0 and IP is A.B.C.D, then use this:
access-list 121 permit udp ANY host A.B.C.D eq 500
access-list 121 permit esp ANY host A.B.C.D
int S0/0
ip access-group 121 in
Hope this helps.
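An added example, not part of the thread and not a Cisco tool: a small Python check that reads an extended ACL from a saved config and reports which of the permits named in the answer above (UDP 500, ESP, and UDP 4500 when NAT-T is in use) are absent or shadowed by an earlier deny. The address 203.0.113.1 stands in for A.B.C.D, the function names are hypothetical, and only the `any` and `host` address forms are parsed.

```python
# IOS prints these UDP ports by name in the running config.
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}
REQUIRED = [("IKE udp/500", "udp", 500), ("ESP", "esp", None)]
NAT_T = ("NAT-T udp/4500", "udp", 4500)
# Constructed sample: the ACL from the answer, with a documentation address.
SAMPLE = """access-list 121 permit udp ANY host 203.0.113.1 eq 500
access-list 121 permit esp ANY host 203.0.113.1
int S0/0
 ip access-group 121 in"""

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.lower().split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        return None
    rest, addrs = t[4:], []
    while rest and len(addrs) < 2:
        if rest[0] == "any":
            addrs.append("any")
            rest = rest[1:]
        elif rest[0] == "host" and len(rest) > 1:
            addrs.append(rest[1])
            rest = rest[2:]
        else:
            return None  # wildcard masks and source ports are out of scope
    if len(addrs) < 2:
        return None
    port = None
    if len(rest) >= 2 and rest[0] == "eq":
        port = PORT_NAMES.get(rest[1]) or (int(rest[1]) if rest[1].isdigit() else -1)
    return {"acl": t[1], "action": t[2], "proto": t[3],
            "src": addrs[0], "dst": addrs[1], "port": port}

def covers(a, proto, port, ip):
    # Remote clients arrive from arbitrary addresses, so only source "any" counts.
    return (a["src"] == "any" and a["dst"] in ("any", ip.lower())
            and a["proto"] in ("ip", proto)
            and (a["port"] is None or a["port"] == port))

def easy_vpn_gaps(config, acl, outside_ip, nat_t=False):
    """Return the required flows that the ACL does not permit (first match wins)."""
    aces = [a for a in map(parse_ace, config.splitlines()) if a and a["acl"] == acl]
    missing = []
    for name, proto, port in REQUIRED + ([NAT_T] if nat_t else []):
        # Every IOS ACL ends in an implicit deny, so no match means blocked.
        verdict = next((a["action"] for a in aces if covers(a, proto, port, outside_ip)), "deny")
        if verdict != "permit":
            missing.append(name)
    return missing
```

Calling `easy_vpn_gaps(SAMPLE, "121", "203.0.113.1", nat_t=True)` on the ACL as posted reports the UDP 4500 permit as the one still to add for NAT-T clients.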