VPN Passthrough question

Mar 11th, 2008
How do I allow VPN passthrough on my ASA 5505? I believe I need to allow at least ports 500 udp and 4500 udp and port 50 TCP??


Can someone please give an example of the correct access-list needed.


Thank you in advance.


CEJ

srue Tue, 03/11/2008 - 11:19

here's a generic config for enabling ipsec passthru...


class-map ike_traffic
 match port udp eq 500

policy-map global_policy
 class ike_traffic
  inspect ipsec-pass-thru

access-list outside_in permit udp any any eq 500
access-group outside_in in interface outside


------------------

just to be sure, you have a vpn device behind (internal to) the asa 5505 and you're not terminating vpn's on the 5505?
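
An added example, not part of either poster's reply: a small Python audit that reads an ASA-style config and reports which of the IPsec pieces raised in this thread (IKE on UDP 500, NAT-T on UDP 4500, and ESP, which is IP protocol 50 rather than a TCP port) are permitted by an applied ACL, whether inspect ipsec-pass-thru is present, and which permits are any-to-any. The function name audit and the result keys are hypothetical, and the sample input is the config from the post above re-typed as a constructed string.

```python
# Added example: audit an ASA-style config for IPsec passthrough pieces.
# SAMPLE_CONFIG is the config posted above, re-typed as a constructed test input.
SAMPLE_CONFIG = """\
class-map ike_traffic
 match port udp eq 500
policy-map global_policy
 class ike_traffic
  inspect ipsec-pass-thru
access-list outside_in permit udp any any eq 500
access-group outside_in in interface outside
"""

def audit(config):
    """Return (found, broad): passthrough pieces present, and any-to-any permits."""
    found = {"ike_udp_500": False, "natt_udp_4500": False,
             "esp_proto_50": False, "inspect_ipsec_pass_thru": False}
    broad = []
    lines = [l.split() for l in config.splitlines() if l.strip()]
    # Only ACLs bound to an interface with access-group are enforced.
    applied = {t[1] for t in lines if t[0] == "access-group" and len(t) > 1}
    for t in lines:
        if t[:2] == ["inspect", "ipsec-pass-thru"]:
            found["inspect_ipsec_pass_thru"] = True
        if t[0] != "access-list" or "permit" not in t[:-1] or t[1] not in applied:
            continue
        rest = t[t.index("permit") + 1:]
        proto, args = rest[0], rest[1:]
        # Treat the last "eq <port>" as the destination port.
        eqs = [i for i, a in enumerate(args[:-1]) if a == "eq"]
        port = args[eqs[-1] + 1] if eqs else None
        if proto == "udp" and port in ("500", "isakmp"):
            found["ike_udp_500"] = True        # IKE
        elif proto == "udp" and port == "4500":
            found["natt_udp_4500"] = True      # NAT traversal
        elif proto in ("esp", "50"):
            found["esp_proto_50"] = True       # ESP is an IP protocol, not a port
        else:
            continue
        if args[:2] == ["any", "any"]:
            broad.append(" ".join(t))          # unrestricted source and destination
    return found, broad

if __name__ == "__main__":
    found, broad = audit(SAMPLE_CONFIG)
    for name, ok in found.items():
        print(f"{name:26} {'present' if ok else 'missing'}")
    for rule in broad:
        print("any-to-any permit:", rule)
```

Run against the posted config, it reports IKE and the inspection as present, NAT-T and ESP as not permitted by the ACL, and the single ACL line as an any-to-any permit.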

cejhelp04 Tue, 03/11/2008 - 13:02

Thank you srue for your response. I have tried working with the config you posted, but I have not had success so far.


To your question, I am hoping to use the Cisco software VPN client as the endpoint behind the asa 5505.


I am trying to avoid terminating on the 5505 itself, as I would prefer no auto connect, and also want to limit vpn access only to computers with the software client installed.


Is this a logical pursuit?


Thanks

CEJ

