
Allowing Cisco VPN client thru Pix

sean-boston
Level 1

Hello NetPro;

Cisco VPN client is not able to establish a connection from internal network to outside.

We are running....

PIX 525, Version 6.3(5)

Any help is greatly appreciated.

Thank You

1 Reply

JORGE RODRIGUEZ
Level 10

For reference, to use the Cisco VPN client from inside to connect to an outside RA IPsec VPN server, you simply need IPsec pass-through inspection configured in your global policy for code 7.x and above.

policy-map global_policy
 class inspection_default
  inspect ipsec-pass-thru

For PIX 6.x you need to open up IPsec ports UDP 500, UDP 4500 and protocol 50 (ESP) and apply the ACL to the outside interface.

i.e.

access-list 101 permit udp any any eq 500 log
access-list 101 permit udp any any eq 4500 log
access-list 101 permit esp any any log

Also enable nat traversal in PIX:

isakmp nat-traversal 20

HTH

-Jorge

Jorge Rodriguez
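
The PIX 6.x ACL from the reply above, narrowed to a single VPN server and bound to the outside interface. This is an added example, not part of the original reply; 192.0.2.10 is a placeholder for the remote VPN server's address.

```text
: Added example. 192.0.2.10 is a placeholder for the remote VPN server.
: As posted, the entries match any source address:
:   access-list 101 permit udp any any eq 500 log
:   access-list 101 permit udp any any eq 4500 log
:   access-list 101 permit esp any any log
: Scoped, only the known VPN server is matched:
access-list 101 permit udp host 192.0.2.10 any eq 500 log
access-list 101 permit udp host 192.0.2.10 any eq 4500 log
access-list 101 permit esp host 192.0.2.10 any log
: Bind the ACL inbound on the outside interface.
access-group 101 in interface outside
```

An interface takes one inbound ACL, so if an ACL is already bound to outside, add these entries to it rather than binding 101 in its place.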