Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Allowing Cisco VPN client thru Pix

Hello NetPro;

Cisco VPN client is not able to establish a connection from internal network to outside.

We are running....

PIX 525, Version 6.3(5)

Any help is greatly appreciated.

Thank You

1 REPLY

Re: Allowing Cisco VPN client thru Pix

For reference, to use cisco vpn client from inside to connect to an outside RA Ipsec VPN server you simply need Ipsec pass through inspection configured in your global policy for code 7.x and above.

policy-map global_policy

class inspection_default

inspect ipsec-pass-thru

For PIX 6.x you need to open up Ipsec ports udp 500, udp 4500 and protocol 50 esp and apply the acl to outside interface.

e.i

access-list 101 permit udp any any eq 500 log

access-list 101 permit udp any any eq 4500 log

access-list 101 permit esp any any log

Also enable nat traversal in PIX:

isakmp nat-traversal 20

HTH

-Jorge

103
Views
3
Helpful
1
Replies