Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSEC passthrough on ASA5505

Trying to set up ASA 5505 to allow IPSEC passthru for AT&T Global network Client VPN.

5 REPLIES
New Member

Re: IPSEC passthrough on ASA5505

Create an ACL to allow the traffic to pass? Assuming you're using esp and ike.

access-list 111 permit esp

access-list 111 permit udp eq isakmp

access-group 111 in interface outside

That will let it pass through un-natted. If you need to nat then you'll need to create a static nat.

Gold
New Member

Re: IPSEC passthrough on ASA5505

Did that part already...looks like a static nat is in order.

New Member

Re: IPSEC passthrough on ASA5505

Oh yeah, I just remembered, if the clients are using NAT traversal, you'll need to permit the UDP port being used - most often UDP 10000 but could be whatever port NAT-T is set to.

Re: IPSEC passthrough on ASA5505

These are the IPsec vpn ports that need to be allowed through.

udp 500

udp 4500

protocol 50 esp

7223
Views
0
Helpful
5
Replies