We have a group of clients working inside our facility who need to access
their office network using the Nortel Contivity VPN software through our PIX
firewall, and they have requested that we make the required configuration changes
to our PIX device to allow these connections.
The following is a suggested firewall configuration to allow the Extranet connection:
Protocol 17 (UDP) source + destination port of 500 must be open
Protocol 50 (ESP) must be open both inbound and outbound, port NA
Protocol 51 (AH) must be open both inbound and outbound, port NA
Additionally, if you are doing NAT, or anything in between the customer and our end
point is using NAT, you will need UDP port 4500 outbound open from your system to the
Extranet server (x.x.x.x). This takes the place of protocols 50 and 51.
Can anyone instruct us as to what commands need to be issued to our PIX device to enable these connections?
Thanks in advance for your cooperation.
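A PIX 6.x configuration that implements the port list quoted in the post, added here as an example; it is not part of the original post and not the VPN vendor's own suggested configuration. It assumes a PIX with interfaces named inside and outside, an Extranet server at 203.0.113.10 (a placeholder standing in for the real x.x.x.x), one client PC at 10.1.1.5 given a one-to-one static mapping to the global address 198.51.100.5 (also placeholders from the documentation address ranges), and access-list names outside_in and inside_out that are assumed, not taken from any existing configuration. It also assumes no outbound access-list is applied to the inside interface, so inside-to-outside traffic is permitted by default.

```text
! Added example, not from the original post. All addresses and ACL names
! are placeholders; substitute the real Extranet server and client addresses.
!
! One-to-one mapping for the client PC. ESP (50) and AH (51) carry no port
! numbers, so the PIX cannot PAT them; each client that must receive ESP/AH
! directly needs its own static. Repeat per client.
static (inside,outside) 198.51.100.5 10.1.1.5 netmask 255.255.255.255
!
! Inbound ACL on the outside interface. UDP 500 and 4500 are tracked as
! stateful connections, so their replies are allowed automatically; ESP and
! AH are not, which is why the first two lines are the ones that matter.
! The UDP lines are kept so that the server can still reach the client if
! the UDP translation times out while the tunnel is idle.
access-list outside_in permit esp host 203.0.113.10 host 198.51.100.5
access-list outside_in permit ah host 203.0.113.10 host 198.51.100.5
access-list outside_in permit udp host 203.0.113.10 host 198.51.100.5 eq isakmp
access-list outside_in permit udp host 203.0.113.10 host 198.51.100.5 eq 4500
access-group outside_in in interface outside
!
! Only needed if an outbound ACL is already applied to the inside interface
! (the default with no ACL already permits this traffic). Add the permits
! to the ACL that is actually in use rather than creating a new one.
access-list inside_out permit udp host 10.1.1.5 host 203.0.113.10 eq isakmp
access-list inside_out permit udp host 10.1.1.5 host 203.0.113.10 eq 4500
access-list inside_out permit esp host 10.1.1.5 host 203.0.113.10
access-list inside_out permit ah host 10.1.1.5 host 203.0.113.10
access-group inside_out in interface inside
```

If the client PCs share a single global address through PAT instead of having statics, ESP and AH cannot be passed through at all, and the clients have to rely on NAT traversal: the Contivity client and server detect the NAT during IKE and move the tunnel to UDP 4500, so the esp and ah lines above become unnecessary and only UDP 500 and 4500 need to reach the server. Either way, confirm the result on the PIX with show xlate (the client's translation) and show conn (UDP 500/4500 connections to the server) while a client brings the tunnel up.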