Community Member

Cisco VPN client through a PIX Firewall

Hi, has anyone ever configured a PIX to sit between a local LAN switch and an internet broadband router to basically block all traffic except for outgoing VPN connections, using the Cisco VPN client to a Cisco VPN concentrator from PCs located on the local LAN?

If anyone has got this kind of setup working then it would be useful to get an overview of how. I have searched the net but can't seem to find anything specific to what I'm trying to achieve.

The info I'm interested in is what specific protocols/ports need to be allowed through, any features that need to be enabled on the PIX, etc.

Thanks in advance.

2 REPLIES
Green

Re: Cisco VPN client through a PIX Firewall

The IPsec VPN ports which would need to be allowed through would be:

udp 500

udp 4500

protocol 50 (ESP)

You could simply create an access-list on your inside interface allowing only these ports outbound.

access-list inside permit udp any any eq 500

access-list inside permit udp any any eq 4500

access-list inside permit esp any any

access-group inside in interface inside

or more specifically (replace <concentrator-ip> with the address of the VPN concentrator):

access-list inside permit udp any host <concentrator-ip> eq 500

access-list inside permit udp any host <concentrator-ip> eq 4500

access-list inside permit esp any host <concentrator-ip>

access-group inside in interface inside

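Below is an added example of the complete PIX-side configuration the reply above describes, written for this page and not taken from the original post. It assumes PIX 6.3 software, a placeholder inside network of 192.168.1.0/24, a placeholder concentrator address of 203.0.113.10, and that the broadband router hands the PIX its outside address by DHCP; adjust all three for a real deployment. Lines beginning with ! are comments.

```cisco
! Added example (not from the original reply). PIX 6.3 syntax assumed.
! Placeholders: 192.168.1.0/24 = LAN, 203.0.113.10 = VPN concentrator.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0

! PAT every inside host to the outside interface address.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! Only the three VPN flows, and only to the concentrator. The PIX evaluates the
! list top down and drops anything that matches no line, so web, mail and DNS
! from the LAN are blocked. The explicit deny with 'log' makes blocked traffic
! visible in 'show logging' while troubleshooting.
access-list inside permit udp 192.168.1.0 255.255.255.0 host 203.0.113.10 eq 500
access-list inside permit udp 192.168.1.0 255.255.255.0 host 203.0.113.10 eq 4500
access-list inside permit esp 192.168.1.0 255.255.255.0 host 203.0.113.10
access-list inside deny ip any any log
access-group inside in interface inside

! Optional: ESP carries no port numbers, so PAT can only track one client's ESP
! session. PIX 6.3 offers this fixup for that single-client case; with more than
! one client, rely on NAT-T (UDP 4500) being enabled on client and concentrator.
fixup protocol esp-ike

logging on
logging buffered warnings
```

Return traffic for the IKE and NAT-T sessions is allowed by the PIX's stateful inspection, so no inbound ACL on the outside interface is needed. After a client connects, `show access-list inside` should show hit counts on the three permit lines; if the client never gets past IKE, check `show logging` for denies and confirm the client profile points at the concentrator by IP address, since this list also blocks DNS.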
Community Member

Re: Cisco VPN client through a PIX Firewall

Thanks for the prompt reply, I'll try that out.
