10-08-2008 01:56 PM - edited 03-09-2019 09:38 PM
I cannot establish a VPN connection from my VPN client while outside, but I can from inside. I assume I need to open a port on my IOS firewall, but I am not sure which one. I opened isakmp but that didn't help.
This is a 2801 with 12.4(15)t. Any Suggestions? The config is attached. Thanks!
10-08-2008 03:59 PM
Robert,
I hope the below information is useful.
ISAKMP - UDP 500
ESP - Protocol 50
NAT-T - UDP 4500
IPSEC Over UDP - UDP 10000 (Default)
IPSEC Over TCP - TCP 10000 (Default)
Regards,
Arul
** Please rate all helpful posts **
10-08-2008 04:07 PM
Hi Arul,
I am wondering about the port to be opened.
As long as this device is the VPN termination device, it doesn't need to open the VPN port unless the device is doing passthrough. Am I right in this?
10-09-2008 10:10 AM
What I understood from the initial question is that there is an IOS Firewall before the VPN device that is blocking traffic, and ports need to be opened for IPsec.
Regards,
Arul
10-08-2008 04:05 PM
Make the following change:
interface Virtual-Template2 type tunnel
interface FastEthernet0/1
After you get connected you will have a problem: the VPN client will get connected and get an IP from the pool, but it cannot communicate with inside hosts!
This is because you need to exempt the traffic going from the inside network to the VPN pool from NAT.
You can do this in your NAT ACL: make the first line a deny with your LAN as the source and the VPN pool as the destination. I would also suggest you use IP addressing for your VPN pool that is different from the LAN range, to avoid any subnetting issues.
Good luck.
if helpful Rate
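The two suggestions in this thread (permitting the IPsec ports Arul lists on the outside ACL, and exempting LAN-to-pool traffic from NAT) would look roughly like the following in IOS. This is an added example, not taken from the poster's attached config: the addresses, ACL names and the choice of FastEthernet0/0 as the outside interface are all assumptions.

```cisco
! Constructed example. Placeholder values (assumptions, not from the thread):
!   203.0.113.1       router outside address
!   192.168.1.0/24    inside LAN
!   192.168.50.0/24   VPN client pool, deliberately outside the LAN range
!   OUTSIDE-IN        name of the existing inbound ACL on the outside interface
!   NAT-ACL           name of the ACL referenced by the NAT overload rule
!
! 1) Entries to place in the inbound outside ACL, above its final deny.
!    They are scoped to the router's own address, because the router is the
!    VPN termination point; nothing is opened toward inside hosts.
ip access-list extended OUTSIDE-IN
 permit udp any host 203.0.113.1 eq isakmp
 permit udp any host 203.0.113.1 eq non500-isakmp
 permit esp any host 203.0.113.1
!
! 2) NAT exemption. ACL lines are evaluated top-down, so the deny for
!    LAN -> VPN pool must be the first line; otherwise replies to VPN
!    clients are translated and never match the tunnel.
ip access-list extended NAT-ACL
 deny   ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
!
! Verification after a client connects:
!   show access-lists OUTSIDE-IN       (hit counters on the three permits)
!   show ip nat translations           (no entries for pool destinations)
!   show crypto ipsec sa               (encaps and decaps both increasing)
```

The UDP/TCP 10000 entries from the port list are only needed if the client is configured for IPsec over UDP or TCP; `isakmp` and `non500-isakmp` are the IOS keywords for UDP 500 and UDP 4500.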