05-18-2010 05:00 AM
here's a basic network diagram:
*internet* ---- [cisco 831] ---- [pix 501] ---- *internal network*
i want the ability to connect to my network when i'm away from home. i configured the pix and tested it; i can establish a secure tunnel.
unfortunately, i don't know how to forward all ipsec traffic from the internet, through the 831, and to the pix.
can someone help out with the port forwarding commands and the inbound access list, if i need one of those too?
05-18-2010 07:21 AM
You need a static IP address on the Router or PIX.
Then you need to forward the relevant Protocols & TCP/UDP "Thru" the router to the PIX.
Protocol 50
UDP 500
UDP 4500
Enable NAT-T on the PIX to allow UDP/TCP encapsulation of IPSEC traffic; this will enable you to use networks that do not allow IPSEC traffic across them.
HTH
05-18-2010 12:38 PM
In addition to what Andrew posted, I believe you will also need to allow IP protocol 51 (Authentication Header) through your 831.
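A configuration sketch of the forwarding described in the replies above, added here as an example and not posted by anyone in the thread. Assumptions: on the 831, Ethernet1 is the WAN side and Ethernet0 faces the PIX; 192.168.1.2 is a placeholder for the PIX outside address; 101 is a placeholder for an inbound ACL already applied on the WAN interface; the PIX runs 6.3, and the static ESP mapping depends on the IOS release on the 831.

```cisco
! ---- Cisco 831 (IOS), constructed example ----
! Assumed roles: Ethernet0 = LAN side toward the PIX, Ethernet1 = WAN side
interface Ethernet0
 ip nat inside
!
interface Ethernet1
 ip nat outside
!
! IKE (UDP 500) and NAT-T (UDP 4500) forwarded to the PIX outside address
! 192.168.1.2 is a placeholder, not a value from the thread
ip nat inside source static udp 192.168.1.2 500 interface Ethernet1 500
ip nat inside source static udp 192.168.1.2 4500 interface Ethernet1 4500
!
! ESP (IP protocol 50) has no ports, so it needs its own static mapping
! (availability depends on the IOS release)
ip nat inside source static esp 192.168.1.2 interface Ethernet1
!
! Only if an inbound ACL is already applied on Ethernet1: add these entries
! to it (101 is a placeholder number). Inbound ACLs are evaluated before
! NAT, so the destination seen here is the router's public address.
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit esp any any
! AH (IP protocol 51) is matched with the keyword "ahp". AH's integrity
! check covers the outer IP header, so it matters only when the transform
! set uses AH and the path does not translate addresses.
!
! ---- PIX 501 (PIX OS 6.3), constructed example ----
! NAT-T with a 20-second keepalive; clients then wrap ESP in UDP 4500
isakmp nat-traversal 20
```

After a client connects, `show ip nat translations` on the 831 and `show crypto isakmp sa` on the PIX confirm that the mappings are in use and that the IKE SA is established.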