PIX 6.4 allowing pass-through ipsec for windows2003

ajanowska1
Level 1

Hello,

I have set up IPsec between two servers to pass through the firewall.

I had to allow both directions from host to host on TCP/UDP 500 and 88, and I had to put an 'ip any' access-list entry in as well to make it work.

The question is: we are using PIX 6.4 and I have not found the command to specify in the ACL to allow only ip port 50 and 51, so I had to open the entire ip protocol.

Could anyone send me a link if there is an option to reduce the number of ports for the 'permit ip' statement in PIX 6.4?

Thanks


jliscano
Level 1

To allow port ESP 50, just use (replace <acl_name> with the name of your access list; PIX 6.x takes the ACL name right after access-list and has no 'extended' keyword):

access-list <acl_name> permit esp any any

To allow port AH 51, just use:

access-list <acl_name> permit ah any any
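Putting the reply together with the original question, here is an added example (not from anyone in this thread) of what the narrowed PIX 6.x ACL could look like: the broad 'permit ip' host-to-host line the question describes, followed by the specific entries for IKE (UDP 500), the TCP/UDP 88 the question also needed, and ESP/AH by protocol name. The ACL name outside_in and the two host addresses are placeholders; on PIX 6.x ESP and AH are not tracked statefully, so if the other interface is also filtered it needs the mirrored esp/ah entries.

```text
: Added example, not from the thread. Peer addresses are placeholders.
: --- the overly broad entry the question describes ---
access-list outside_in permit ip host 192.0.2.10 host 198.51.100.20
: --- narrowed replacement ---
: IKE negotiation runs over UDP 500; 88 (TCP and UDP) was also needed per the question
access-list outside_in permit udp host 192.0.2.10 host 198.51.100.20 eq 500
access-list outside_in permit tcp host 192.0.2.10 host 198.51.100.20 eq 88
access-list outside_in permit udp host 192.0.2.10 host 198.51.100.20 eq 88
: ESP (IP protocol 50) and AH (IP protocol 51) are IP protocols, not ports,
: so there is no 'eq' clause; they are matched by protocol keyword
access-list outside_in permit esp host 192.0.2.10 host 198.51.100.20
access-list outside_in permit ah host 192.0.2.10 host 198.51.100.20
: bind the list to the interface the traffic arrives on
access-group outside_in in interface outside
: once the specific entries are in place, drop the broad one
no access-list outside_in permit ip host 192.0.2.10 host 198.51.100.20
```

After the change, 'show access-list outside_in' lets you confirm the hit counters move on the esp/ah lines rather than on a catch-all entry.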

Worked wonders, thanks a lot, exactly what I was looking for.

Is there a guide on the Cisco side, such as a best-practice guide for FW ACLs? I can't find anything concise as of yet.

Thanks for your help, Anna

Hi Anna. There are several materials referencing just basic ACL designs (not specific to FW), but it's pretty much the same concept. The one that I used is from O'Reilly, called "Cisco IOS Access Lists".

Glad I could help.

Jerome