Port 10000 or UDP 500 on firewall.

Apr 23rd, 2008

Do I have to open a port on the firewall in order to use VPN Client 3.x or 4.x to connect to an outside network? How do I configure my ASA to allow TCP port 10000 or UDP port 500 to be opened?

Clarification: my user inside the network is unable to connect to an outside network using the VPN client.


JORGE RODRIGUEZ Wed, 04/23/2008 - 19:17

Kehinde,


To use the Cisco VPN client from inside to connect to an outside RA IPsec VPN server, you simply need IPsec pass-through inspection configured in your global policy.


ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
ciscoasa(config-pmap-c)# inspect ipsec-pass-thru
ciscoasa(config-pmap-c)# exit



See the IPsec pass-through inspection section:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html


You may also want to enable NAT-T:

ciscoasa(config)# crypto isakmp nat-traversal 20


NAT-T background:

http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/c5.html#wp2195488


Once done, your inside Cisco VPN clients should be able to VPN outside.



HTH

Rgds

Jorge
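
The following is an added example, not part of the reply above or of any Cisco tooling: a small Python check that reads saved configuration text and reports whether the two settings from the reply are present. It assumes the text follows the indented `show running-config` layout; the sample configuration and the function names `parse_inspections` and `audit` are constructed for illustration.

```python
import re

# Constructed sample resembling `show running-config` output (not from a real device).
SAMPLE_CONFIG = """\
crypto isakmp nat-traversal 20
!
class-map inspection_default
 match default-inspection-traffic
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect ipsec-pass-thru
!
service-policy global_policy global
"""

def parse_inspections(config):
    """Map (policy-map, class) -> set of inspect engines, using indentation."""
    result = {}
    pmap = cls = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # blank lines and "!" separators carry no settings
        indent = len(line) - len(line.lstrip())
        words = line.split()
        if indent == 0:
            # Any top-level command ends the current policy-map block.
            pmap = words[1] if words[0] == "policy-map" and len(words) > 1 else None
            cls = None
        elif pmap and words[0] == "class" and len(words) > 1:
            cls = words[1]
            result.setdefault((pmap, cls), set())
        elif pmap and cls and words[0] == "inspect" and len(words) > 1:
            result[(pmap, cls)].add(words[1])
    return result

def audit(config):
    """Report the two settings from the reply: pass-through inspection and NAT-T keepalive."""
    engines = parse_inspections(config).get(("global_policy", "inspection_default"), set())
    # Anchored at line start so a "no crypto isakmp nat-traversal" line does not match.
    m = re.search(r"^crypto isakmp nat-traversal\s+(\d+)\s*$", config, re.MULTILINE)
    return {
        "ipsec_pass_thru": "ipsec-pass-thru" in engines,
        "nat_t_keepalive": int(m.group(1)) if m else None,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
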

