04-23-2008 09:13 PM - edited 03-03-2019 09:40 PM
here's my set-up:
1. PC with Contivity VPN Client software-> Cisco871 router (w/out ACL on intVLAN1)->Internet
result: OK
2. PC with Contivity VPN Client software-> Cisco871 router (w/ ACL on intVLAN1)->Internet
result: connection failed
my ACL for this is:
access-list 101 permit udp any <vpn server> eq isakmp
access-list 101 permit udp any <vpn server> eq 10000
I believe that my problem is ACL since my connection is successful without ACL.
Can you help me modify my ACL to allow PCs with Contivity VPN client to connect to the VPN server?
Thanks in advance!!!
04-24-2008 07:44 AM
1) Look at the direction of the ACL you are applying to the VLAN. 2) Consult your Nortel documentation to make sure you list all the ports covered in your ACL. Make sure the client does not use "dynamic" ports; in that case you will have trouble defining your ACL...
04-27-2008 04:05 PM
Thanks for your reply!
I have resolved this issue by adding
access-list 101 permit esp
access-list 101 permit ahp
to my ACL to permit AHP and ESP.
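The thread's outcome as an added example, not code from any poster: a small first-match ACL evaluator with the implicit deny at the end, run over constructed packets, showing why the two UDP entries alone let the negotiation through but drop the ESP/AH traffic. The server address is an RFC 5737 placeholder for `<vpn server>`, and the `esp`/`ahp` entries are modelled as matching any destination because the posted lines give no addresses (both are assumptions).

```python
# Added example: first-match evaluation of a Cisco-style extended ACL with the
# implicit "deny any" at the end. All addresses and packets are constructed.
from dataclasses import dataclass
from typing import Optional

VPN_SERVER = "203.0.113.10"                   # placeholder for <vpn server>
IP_PROTO = {"udp": 17, "esp": 50, "ahp": 51}  # IANA IP protocol numbers

@dataclass(frozen=True)
class Rule:
    proto: str                   # "udp", "esp" or "ahp"
    dst: Optional[str] = None    # None means "any" (assumption for esp/ahp)
    dport: Optional[int] = None  # only meaningful for udp

@dataclass(frozen=True)
class Packet:
    proto: int
    dst: str
    dport: Optional[int] = None  # ESP and AH carry no ports

def permitted(acl, pkt):
    """Return True if a permit rule matches; otherwise the implicit deny applies."""
    for r in acl:
        if IP_PROTO[r.proto] != pkt.proto:
            continue
        if r.dst is not None and r.dst != pkt.dst:
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return True
    return False

# ACL 101 as first posted (isakmp = UDP 500), then with the two added entries.
ORIGINAL = [Rule("udp", VPN_SERVER, 500), Rule("udp", VPN_SERVER, 10000)]
FIXED = ORIGINAL + [Rule("esp"), Rule("ahp")]

# Constructed traffic from a client toward the VPN server.
SAMPLE = {
    "isakmp": Packet(17, VPN_SERVER, 500),
    "udp-10000": Packet(17, VPN_SERVER, 10000),
    "esp": Packet(50, VPN_SERVER),
    "ah": Packet(51, VPN_SERVER),
}

def report(acl):
    """Map each sample packet name to whether the ACL permits it."""
    return {name: permitted(acl, p) for name, p in SAMPLE.items()}

if __name__ == "__main__":
    print("original:", report(ORIGINAL))
    print("fixed:   ", report(FIXED))
```

On the router, the ESP and AH entries can be scoped to the VPN server address rather than any destination, which keeps the ACL as narrow as the two UDP entries.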