Lan 2 Lan VPN through a firewall

edw (Level 1)

Hi,

I have a PIX firewall at base and a Cisco 871W router on the road. Sometimes the Cisco will be behind a firewall at the location. What ports would I need open on such a firewall to get L2LTP to work from my PIX to the 871 unit?

Thanks

Ed

Accepted Solution (Raj)

The following URL gives you the ports required to be opened if it is a PPTP or L2TP connection:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094a5a.shtml

Hope this helps..

Raj

Replies

sachinraja (Level 9)

Hello Ed

Didn't get your question. Are you saying that the Cisco 871W router will be behind a firewall? Are you talking about L2TP tunnels or IPsec?

Raj

Hi,

Not sure - I sort of assumed IPsec/L2TP are the same thing, and then you have PPTP?

The 871W will be behind a firewall but have a static external address. My end is fine as the PIX will be doing the connection to the 871W.. Does that make sense ?

Thanks

Ed

Ed

I really don't know why they are putting the 871 router behind a firewall.. Haven't seen many designs like this. Don't they have an external router to terminate VPN connections? Or can't they terminate the VPN on the firewall?

In any case, if you want IPsec to work, the firewall must allow IP protocols ESP (50) and AH (51). You also need to allow IKE, which works on UDP 500.

access-list 100 permit esp any host 1.1.1.1
access-list 100 permit ahp any host 1.1.1.1
access-list 100 permit udp any host 1.1.1.1 eq isakmp

For L2TP and PPTP you have other ports.

Hope this helps.. all the best..

Raj
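To see exactly what the three-line ACL above lets through, here is an added example (not code from the original thread or from Cisco): a small Python matcher for Cisco IOS-style numbered ACL lines, run against constructed test packets. It confirms that IKE (UDP/500), ESP (IP protocol 50) and AH (IP protocol 51) toward the 871W are permitted and that everything else falls to the implicit deny at the end of the list. The address 1.1.1.1 is the placeholder from the post; the PIX address 203.0.113.10 is a documentation address chosen here, and only the subset of ACL syntax used in the post (any, host A.B.C.D, A.B.C.D WILDCARD, destination "eq") is supported.

```python
"""Evaluate Cisco IOS-style numbered ACL lines against test packets.

Added example, not from the original thread. Parses lines of the form
"access-list <n> permit|deny <proto> <src> <dst> [eq <port>]" and applies
IOS first-match semantics with the implicit deny at the end.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional, Tuple

# IOS protocol keywords -> IP protocol numbers ("ip" matches any protocol).
PROTO_NUMBERS = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17, "gre": 47,
                 "esp": 50, "ahp": 51}
# Port names IOS accepts after "eq"; numeric ports are also accepted.
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}

AddrSpec = Tuple[int, int]  # (base address, wildcard mask) as integers


@dataclass(frozen=True)
class Ace:
    action: str            # "permit" or "deny"
    proto: Optional[int]   # None = any IP protocol
    src: AddrSpec
    dst: AddrSpec
    dport: Optional[int]   # destination port for tcp/udp entries, else None


@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    dport: Optional[int] = None


def _parse_addr(tokens, i):
    """Parse one address spec at tokens[i]; return (spec, index after it)."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (int(ip_address(tokens[i + 1])), 0), i + 2
    # "A.B.C.D WILDCARD": bits set to 1 in the wildcard are don't-care bits.
    return (int(ip_address(tokens[i])), int(ip_address(tokens[i + 1]))), i + 2


def _addr_matches(spec, addr):
    base, wildcard = spec
    return (int(ip_address(addr)) | wildcard) == (base | wildcard)


def parse_ace(line):
    """Parse one 'access-list <n> permit|deny <proto> <src> <dst> [eq <port>]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    if t[3] not in PROTO_NUMBERS:
        raise ValueError(f"unknown protocol keyword {t[3]!r} in {line!r}")
    src, i = _parse_addr(t, 4)
    dst, i = _parse_addr(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        dport = PORT_NAMES.get(t[i + 1])
        if dport is None:
            dport = int(t[i + 1])
    return Ace(t[2], PROTO_NUMBERS[t[3]], src, dst, dport)


def parse_acl(text):
    return [parse_ace(line) for line in text.splitlines() if line.strip()]


def evaluate(acl, pkt):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for ace in acl:
        if ace.proto is not None and ace.proto != pkt.proto:
            continue
        if not _addr_matches(ace.src, pkt.src) or not _addr_matches(ace.dst, pkt.dst):
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action
    return "deny"


# The three lines from the post; 1.1.1.1 is the post's placeholder for the
# 871W's static external address.
POSTED_ACL = """
access-list 100 permit esp any host 1.1.1.1
access-list 100 permit ahp any host 1.1.1.1
access-list 100 permit udp any host 1.1.1.1 eq isakmp
"""

# Constructed test traffic from the PIX (203.0.113.10 is a documentation address).
PIX = "203.0.113.10"
TEST_PACKETS = {
    "ike_udp500":     Packet(17, PIX, "1.1.1.1", 500),
    "esp":            Packet(50, PIX, "1.1.1.1"),
    "ah":             Packet(51, PIX, "1.1.1.1"),
    "nat_t_udp4500":  Packet(17, PIX, "1.1.1.1", 4500),  # NAT traversal port, not in the ACL
    "pptp_tcp1723":   Packet(6, PIX, "1.1.1.1", 1723),
    "esp_other_host": Packet(50, PIX, "1.1.1.2"),
}


def check_tunnel(acl_text=POSTED_ACL, packets=TEST_PACKETS):
    """Return {name: 'permit'|'deny'} for each test packet against the ACL."""
    acl = parse_acl(acl_text)
    return {name: evaluate(acl, pkt) for name, pkt in packets.items()}


if __name__ == "__main__":
    for name, verdict in check_tunnel().items():
        print(f"{name:16s} {verdict}")
```

The output also shows that UDP/4500 is denied by this ACL as written. That matters in the scenario Ed describes: if the local site's firewall translates the 871W's address, IKE will negotiate NAT traversal (RFC 3947) and move both IKE and the encapsulated ESP to UDP/4500, so a fourth line permitting that port is needed in addition to the three above. This is a caveat added here, not something stated in the thread.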

Is there an easy way for me to tell if it's L2TP or IPsec - sorry, still on hols and not all here. I should know this myself as I coded the PIX. Back to work tomorrow - don't know what I'm going to be like :)

The reason it's behind a firewall is simple. Some locations where my exhibition is touring may not have an IT team or may not be able to provide an internet connection that is in front of their own defenses - unfortunately it happens....

Thanks

Ed

Ed..

This is a site-to-site tunnel, right? Not remote access VPN? If it is site-to-site, I am sure it would be IPsec.. you can see "crypto" commands on the PIX to identify it as IPsec. If it is remote access, it could be anything between IPsec, L2TP, PPTP etc.. these are the standards used elsewhere.. If it is IPsec, allow the ports that I gave you in my first post, and it should work then.. You also need to allow ICMP through, with the TCP/IP protocols given.

Hope this helps.. all the best..

Raj

