I have a problem with my VPN client not connecting to the other corporate VPN server. I have an INBOUND access-list on my router which permits only what is in the access-list below. When I remove the access-list below from the interface, the remote VPN works fine. What other protocols should I allow?
The traffic flow is from the internet (meaning to the other corporate network) to the internal LAN; what I have mentioned above is for the return inbound traffic on the Internet router. For outbound traffic I have permitted everything.
I understand your query. There should not be any issue... the ports look fine.... It should work....
But we may need to add a few other ports to make this work.... Just check your logs / do a packet capture to check
whether anything is specific to the VPN client or VPN server ports. See, for example, whether the VPN client uses a specific port to establish the VPN connection..... If the VPN request comes with a specific source port... then it will not be allowed.... This also depends on the VPN client configuration.... If you configured the VPN to use UDP NAT traversal... it should work....
Try allowing TCP and UDP ports 10000, 10001 (Cisco) and 2746 (Check Point / ERAS VPN clients).... If that does not work, try allowing the range 1024-65535 for TCP and UDP..... and check the hits to get it confirmed....
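To make the advice above concrete, here is an added example of what an inbound Internet-side access-list on a Cisco IOS router could look like when it has to admit only the return half of an IPsec VPN session started by a client on the LAN. It is not the original poster's access-list (which is not shown in the thread) and not code from the reply; the addresses are placeholders: 203.0.113.10 is assumed to be the other company's VPN server, 198.51.100.2 this router's Internet-facing address, and GigabitEthernet0/0 the Internet interface. It covers the standard IPsec flows (IKE on UDP 500, NAT-T on UDP 4500, ESP) plus the vendor encapsulation ports the reply names (Cisco IPsec over UDP/TCP 10000, Check Point UDP 2746). Matches are keyed on the server's source port and leave the destination port open, because a NAT on the path rewrites the client's port and IOS evaluates an inbound ACL before un-translating outside-to-inside packets, so the ACL sees the router's outside address and the translated port.

```cisco
! Added example, not from the original thread. Placeholder values:
!   203.0.113.10    = the other corporate VPN server (assumption)
!   198.51.100.2    = this router's Internet-facing address (assumption)
!   GigabitEthernet0/0 = the Internet interface (assumption)
! Applied INBOUND on the Internet interface, so it only needs to admit
! the return direction of sessions the LAN initiates. If the LAN is NATed
! on this router, match the outside address here, not the LAN hosts:
! the inbound ACL is checked before NAT for outside-to-inside traffic.
ip access-list extended INTERNET-IN
 remark --- IPsec control plane: IKE (UDP 500) and NAT-T (UDP 4500) ---
 permit udp host 203.0.113.10 eq isakmp host 198.51.100.2
 permit udp host 203.0.113.10 eq non500-isakmp host 198.51.100.2
 remark --- IPsec data plane when there is no NAT in the path: ESP (IP protocol 50) ---
 permit esp host 203.0.113.10 host 198.51.100.2
 remark --- Cisco VPN Client transparent tunnelling: IPsec over UDP 10000 / TCP 10000 ---
 permit udp host 203.0.113.10 eq 10000 host 198.51.100.2
 permit tcp host 203.0.113.10 eq 10000 host 198.51.100.2 established
 remark --- Check Point SecureClient UDP encapsulation (UDP 2746) ---
 permit udp host 203.0.113.10 eq 2746 host 198.51.100.2
 remark --- replies to ordinary outbound TCP sessions from the LAN ---
 permit tcp any host 198.51.100.2 established
 remark --- log whatever is still being dropped so it can be identified ---
 deny ip any any log
!
interface GigabitEthernet0/0
 description Internet
 ip access-group INTERNET-IN in
```

After applying it, `show ip access-lists INTERNET-IN` shows per-line hit counts (the "check the hits" step in the reply), and the `log` keyword on the final deny writes the source/destination and protocol of anything still blocked to the router log, which tells you exactly which extra port or protocol the VPN client needs without opening 1024-65535 wholesale. Hand-enumerating return traffic like this is fragile; if the router supports it, a reflexive access-list or zone-based firewall tracks LAN-initiated sessions automatically and admits only their replies.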