01-15-2008 03:59 AM - edited 03-11-2019 04:48 AM
I have a Cisco router with firewall IOS and an Internet connection. On the outside interface there is an access list that denies anything from outside, and on the inside interface there are inspection rules. I would like to configure Easy VPN client so that users can connect remotely. Does this configuration cause a problem for a remote user connecting to the internal network?
01-16-2008 08:45 AM
Any suggestions?
08-16-2008 07:55 AM
I need your help with this issue. What ACLs are needed on the outside interface to enable an Easy VPN connection? Users will be able to connect to the inside network through Easy VPN only. Regards,
08-16-2008 11:23 AM
Hi,
You should permit UDP 500 and ESP protocol on the Outside Interface inbound ACL, for EZVPN to work.
Again, if the clients are using NAT-T, then you have to allow UDP 500 and UDP 4500.
If the Outside interface is S0/0 and the IP is A.B.C.D, then use this:
access-list 121 permit udp ANY host A.B.C.D eq 500
access-list 121 permit esp ANY host A.B.C.D
int S0/0
ip access-group 121 in
Hope this helps.
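A way to check an outside ACL against the three things the answer above lists (UDP 500, UDP 4500 for NAT-T, ESP), as an added example that is not part of the original thread. The function names and the address 192.0.2.1 (standing in for A.B.C.D) are assumptions; only numbered ACL lines with `eq` port matches and a source of `any` are evaluated, since remote clients come from unpredictable addresses.

```python
import ipaddress

PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}   # names IOS prints for these ports
REQUIRED = {"IKE udp/500": ("udp", 500), "NAT-T udp/4500": ("udp", 4500), "ESP": ("esp", None)}
ANY = 0xFFFFFFFF

# Constructed sample: the ACL from the answer, with 192.0.2.1 standing in for A.B.C.D.
SAMPLE = """
access-list 121 permit udp ANY host 192.0.2.1 eq 500
access-list 121 permit esp ANY host 192.0.2.1
"""

def _addr(tok, i):
    """Parse 'any', 'host X' or 'X wildcard' at tok[i] -> (address, wildcard, next index)."""
    if tok[i] == "any":
        return 0, ANY, i + 1
    if tok[i] == "host":
        return int(ipaddress.IPv4Address(tok[i + 1])), 0, i + 2
    return int(ipaddress.IPv4Address(tok[i])), int(ipaddress.IPv4Address(tok[i + 1])), i + 2

def _port(tok, i):
    """Parse an optional 'eq PORT' at tok[i] -> (port or None, next index)."""
    if i + 1 < len(tok) and tok[i] == "eq":
        return PORT_NAMES.get(tok[i + 1]) or int(tok[i + 1]), i + 2
    return None, i

def parse_acl(config, acl_id):
    """Return the permit/deny entries of numbered extended ACL acl_id, in order."""
    entries = []
    for line in config.lower().splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", str(acl_id)] or len(tok) < 6 or tok[2] not in ("permit", "deny"):
            continue
        src, src_wild, i = _addr(tok, 4)
        _, i = _port(tok, i)                      # a source port is not needed here
        dst, dst_wild, i = _addr(tok, i)
        dport, i = _port(tok, i)
        entries.append((tok[2], tok[3], src_wild, dst, dst_wild, dport))
    return entries

def audit(config, acl_id, router_ip):
    """For each Easy VPN requirement, return the action of the first matching entry."""
    ip = int(ipaddress.IPv4Address(router_ip))
    result = {}
    for name, (proto, port) in REQUIRED.items():
        result[name] = "deny (implicit)"          # no match falls to the implicit deny
        for action, a_proto, src_wild, dst, dst_wild, dport in parse_acl(config, acl_id):
            if (src_wild == ANY and a_proto in (proto, "ip")
                    and (ip | dst_wild) == (dst | dst_wild) and dport in (None, port)):
                result[name] = action
                break
    return result

if __name__ == "__main__":
    print(audit(SAMPLE, 121, "192.0.2.1"))
```

Run against the two posted lines, the check reports IKE and ESP as permitted and NAT-T as falling to the implicit deny, which is the case the answer's NAT-T remark covers.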