Allowing Cisco VPN client thru Pix

Unanswered Question
May 7th, 2008

Hello NetPro;

Cisco VPN client is not able to establish a connection from internal network to outside.

We are running....

PIX 525, Version 6.3(5)

Any help is greatly appreciated.

Thank You

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
JORGE RODRIGUEZ Wed, 05/07/2008 - 08:26

For reference, to use cisco vpn client from inside to connect to an outside RA Ipsec VPN server you simply need Ipsec pass through inspection configured in your global policy for code 7.x and above.

policy-map global_policy

class inspection_default

inspect ipsec-pass-thru

For PIX 6.x you need to open up Ipsec ports udp 500, udp 4500 and protocol 50 esp and apply the acl to outside interface.

e.i

access-list 101 permit udp any any eq 500 log

access-list 101 permit udp any any eq 4500 log

access-list 101 permit esp any any log

Also enable nat traversal in PIX:

isakmp nat-traversal 20

HTH

-Jorge

Actions

This Discussion