How can I configure VPN pass though on a c2821 Router ?

Unanswered Question
Jul 9th, 2008

Are there any docs available to explain and show VPN pass through configuration. I have a c2821 which will be performing PBR, but I'm not clear on how to configure VPN pass through. The VPNs that pass through are going to terminate on a Checkpoint FW.

Thanks in Advance

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Wed, 07/09/2008 - 08:47


You need to allow the ipsec ports and protocols or pptp vpn ports and protocols if using microsoft vpn client via acl, create an acl and apply it to your outbound interface facing internet.

Example in a router:

If using Cisco VPN client it needs isakmp = UDP 500, nat-t UDP 4500 and ESP protocol 50

access-list 101 permit udp any any eq 500 log

access-list 101 permit udp any any eq 4500 log

access-list 101 permit esp any any log


ip access-group 101 in

if using microsoft PPTP vpn client you need to allow tcp 1732 and protocol GRE.

access-list 101 permit tcp any any eq 1723 log

access-list 101 permit gre any any log


ip access-group 101 in

If using both vpn clients combine the acl 101 together and apply it to outbound interface.

This will allow your inside users to be able to vpn outbound .



schughtai Wed, 07/09/2008 - 13:28

Jorge -

Many thanks for this - I'll give this a go




This Discussion