firewall IOS + easy VPN

mohammady
Level 1

I have a Cisco router with firewall IOS and an internet connection. On the outside interface there is an access list that denies anything from outside, and on the inside interface there are inspection rules. I would like to configure Easy VPN client so that users can connect remotely. Does this configuration cause a problem for a remote user connecting to the internal network?

3 Replies

mohammady
Level 1

Any suggestions?

I need your help with this issue. What ACLs are needed on the outside interface to enable the Easy VPN connection? Users will be able to connect to the inside network through Easy VPN only. Regards,

Hi,

You should permit UDP 500 and the ESP protocol on the outside interface inbound ACL for EZVPN to work.

Again, if the clients are using NAT-T, then you have to allow UDP 500 and UDP 4500.

If the outside interface is S0/0 and its IP is A.B.C.D, then use this:

access-list 121 permit udp any host A.B.C.D eq 500
access-list 121 permit esp any host A.B.C.D
int S0/0
 ip access-group 121 in

Hope this helps.
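
The inbound ACL from the reply above, extended as an added example (not part of the original post) to include the NAT-T port the reply mentions and to log what is still dropped. A.B.C.D, ACL 121 and S0/0 are the reply's placeholders; the closing deny with logging is an assumption standing in for the existing deny-all policy.

```cisco
! Added example. A.B.C.D = outside interface address (placeholder from the reply).
ip access-list extended 121
 remark IKE (ISAKMP) negotiation to the router itself
 permit udp any host A.B.C.D eq isakmp
 remark IPsec NAT-T, used when the client sits behind a NAT device
 permit udp any host A.B.C.D eq non500-isakmp
 remark Native ESP, used when no NAT is detected on the path
 permit esp any host A.B.C.D
 remark Assumed existing policy: drop everything else, with logging
 deny ip any any log
!
interface Serial0/0
 ip access-group 121 in
!
! Checks after a client connects:
!   show access-lists 121      (hit counters on the permit entries should rise)
!   show crypto isakmp sa      (IKE phase 1 established with the client)
!   show crypto ipsec sa       (encaps/decaps counters increasing)
```

The permits are scoped to the router's own outside address, so the VPN ports are opened only toward the router's outside address and not toward any other destination.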
