Cisco Support Community

New Member

Cisco 1721 with IOS Firewall and VPN out

We have a 1721 with the IP/FW/IDS feature set. Everything works with the Firewall/ACL and NAT when implemented, except that I have 2 users who need to VPN out to a remote client site. One of these 2 users has a static NAT mapping so we can access port 80 on his machine. Not sure if that matters.

Here is my ACL:

ip access-list extended CBT-ACL
 permit tcp any host 208.251.20.187 eq smtp
 permit tcp any host 208.251.20.186 eq www
 permit tcp any host 208.251.20.189 eq www
 permit tcp any host 208.251.20.188 eq www
 permit tcp any host 208.251.20.186 eq 3389
 deny ip any any

Here are my ip inspect statements:

ip inspect name CBTFW ftp timeout 3600
ip inspect name CBTFW http timeout 3600
ip inspect name CBTFW rcmd timeout 3600
ip inspect name CBTFW realaudio timeout 3600
ip inspect name CBTFW tftp timeout 30
ip inspect name CBTFW udp timeout 15
ip inspect name CBTFW h323 timeout 3600
ip inspect name CBTFW tcp timeout 3600
ip inspect name CBTFW cuseeme timeout 3600
ip inspect name CBTFW smtp timeout 3600

Thanks for any help

1 REPLY
Bronze

Re: Cisco 1721 with IOS Firewall and VPN out

If what you are saying is implementing IPSec VPN with NAT and CBAC, check out this link for a sample configuration.

http://www.cisco.com/warp/customer/707/quicktip.html

The order of operation matters when you have such a configuration and the packet traverses from an inside interface to an outside interface. This link has more information about this:

http://www.cisco.com/warp/customer/556/5.html
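An added example, not part of the original thread or of Cisco's documentation: a first-match evaluator run over the posted CBT-ACL, showing that returning ESP (IP protocol 50) falls through to `deny ip any any`, because the generic `tcp` and `udp` inspection rules open return paths only for TCP and UDP sessions. It assumes the ACL is applied inbound on the outside interface and that the VPN is IPsec, as the reply supposes. The peer address 203.0.113.10 is constructed, 208.251.20.186 is picked from the ACL only for illustration, and the `permit esp` line is a hypothetical fix.

```python
import ipaddress

# ACL entries copied from the post; IOS evaluates top-down, first match wins.
CBT_ACL = """\
permit tcp any host 208.251.20.187 eq smtp
permit tcp any host 208.251.20.186 eq www
permit tcp any host 208.251.20.189 eq www
permit tcp any host 208.251.20.188 eq www
permit tcp any host 208.251.20.186 eq 3389
deny ip any any
"""
PEER = "203.0.113.10"  # constructed remote VPN peer (documentation range)
ESP_FIX = f"permit esp host {PEER} host 208.251.20.186"  # hypothetical entry
FIXED_ACL = CBT_ACL.replace("deny ip any any", ESP_FIX + "\ndeny ip any any")
PORTS = {"smtp": 25, "www": 80}

def _addr(tokens):
    # Consume 'any' or 'host A.B.C.D' from the front of the token list.
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    entries = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = (PORTS.get(tokens[1]) or int(tokens[1])) if tokens[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port, line))
    return entries

def evaluate(entries, proto, src, dst, dport=None):
    """Return (action, matching entry); implicit deny if nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, e_proto, e_src, e_dst, e_port, line in entries:
        if (e_proto in ("ip", proto) and s in e_src and d in e_dst
                and e_port in (None, dport)):
            return action, line
    return "deny", "(implicit deny)"

if __name__ == "__main__":
    for name, acl in (("posted ACL", CBT_ACL), ("with ESP permit", FIXED_ACL)):
        print(name, "->", evaluate(parse_acl(acl), "esp", PEER, "208.251.20.186"))
```

The destination is the public address because, in the outside-to-inside direction, the input ACL is checked before NAT translates it.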
