VPN Passthrough question

cejhelp04
Level 1

How do I allow VPN passthrough on my ASA 5505? I believe I need to allow at least ports 500 udp and 4500 udp and port 50 TCP??

Can someone please give an example of the correct access-list needed?

Thank you in advance.

CEJ

2 Replies

srue
Level 7

Here's a generic config for enabling IPsec passthru...

class-map ike_traffic
 match port udp eq 500
policy-map global_policy
 class ike_traffic
  inspect ipsec-pass-thru
access-list outside_in permit udp any any eq 500
access-group outside_in in interface outside

------------------

Just to be sure, you have a VPN device behind (internal to) the ASA 5505 and you're not terminating VPNs on the 5505?

Thank you srue for your response. I have tried working with the config you posted, but I have not had success so far.

To your question, I am hoping to use the Cisco software VPN client as the endpoint behind the ASA 5505.

I am trying to avoid terminating on the 5505 itself, as I would prefer no auto connect, and also want to limit VPN access only to computers with the software client installed.

Is this a logical pursuit?

Thanks

CEJ
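
An added example, not part of either post: the passthrough configuration from the reply above, extended to the three protocols named in the question and scoped to one known peer instead of "any any". IKE is UDP 500, NAT-T is UDP 4500, and ESP is IP protocol 50 (a protocol number, matched with the `esp` keyword, not a TCP or UDP port). The address 203.0.113.10 is a constructed placeholder for the remote VPN gateway; the ACL, class-map and interface names are the ones used in the reply.

```cisco
! Traffic class for IKE negotiation (UDP 500), as in the reply above
class-map ike_traffic
 match port udp eq 500
!
! Attach IPsec pass-through inspection to that class in the global policy
policy-map global_policy
 class ike_traffic
  inspect ipsec-pass-thru
!
! Inbound rules on the outside interface.
! 203.0.113.10 is a constructed placeholder for the remote VPN gateway;
! naming the peer keeps the rules from exposing these protocols to any source.
access-list outside_in extended permit udp host 203.0.113.10 any eq 500
access-list outside_in extended permit udp host 203.0.113.10 any eq 4500
! ESP has no port numbers: it is matched by protocol name (IP protocol 50)
access-list outside_in extended permit esp host 203.0.113.10 any
access-group outside_in in interface outside
!
! Checks after a connection attempt:
! inspection counters for the policy, then per-line ACL hit counts
show service-policy
show access-list outside_in
```

A line in `show access-list outside_in` whose hit count stays at zero during a connection attempt shows which of the three protocols is not arriving at the outside interface.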