Cisco Support Community
New Member

Allowing Cisco VPN client through PIX

Hi. I'm trying to allow the Cisco VPN client from our company's LAN to remote resources.

There is PAT set up on the PIX and I will add the following lines to the ACL on the inside interface to allow access for the client:

permit tcp x.x.x.x y.y.y.y eq 50

permit tcp x.x.x.x y.y.y.y eq 51

permit udp x.x.x.x y.y.y.y eq 500

permit udp x.x.x.x y.y.y.y eq 4500

I haven't done anything like this before so I don't know if this will be enough to allow the client connection to remote resources.

Do I need to do anything else for this to work?

Accepted Solutions
Green

Re: Allowing Cisco VPN client through PIX

That should be good for the local PIX, but make sure nat-traversal is enabled on the remote device.

ESP and AH are protocols, not ports. 50 and 51.

permit esp x.x.x.x y.y.y.y

permit ah x.x.x.x y.y.y.y

permit udp x.x.x.x y.y.y.y eq 500

permit udp x.x.x.x y.y.y.y eq 4500
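
The correction above, turned into a check (an added example, not part of the original thread): this Python code flags `permit tcp|udp ... eq 50/51` lines that confuse IP protocol numbers with ports, and lists which of the four permits from the answer are missing. The function names, the simplified rule grammar and the documentation addresses are assumptions made for the example.

```python
import re

# IPsec traffic the VPN client needs, as listed in the thread:
# ESP (IP protocol 50), AH (IP protocol 51), IKE (UDP 500), NAT-T (UDP 4500).
IP_PROTO_NUMBERS = {"50": "esp", "51": "ah"}
REQUIRED = {("esp", None), ("ah", None), ("udp", "500"), ("udp", "4500")}

# Simplified grammar (assumption): "permit <proto> <addresses...> [eq <port>]".
RULE = re.compile(
    r"\bpermit\s+(?P<proto>\S+)\s+(?P<addrs>.*?)(?:\s+eq\s+(?P<port>\S+))?\s*$"
)

def parse_rule(line):
    """Return (protocol, port or None, address text) for a permit line, else None."""
    m = RULE.search(line.strip().lower())
    return (m.group("proto"), m.group("port"), m.group("addrs")) if m else None

def audit(lines):
    """Flag protocol numbers written as ports; return (findings, missing permits)."""
    findings, seen = [], set()
    for n, line in enumerate(lines, 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        proto, port, addrs = rule
        if proto in ("tcp", "udp") and port in IP_PROTO_NUMBERS:
            name = IP_PROTO_NUMBERS[port]
            findings.append(
                (n, f"{proto} port {port} is not {name.upper()}; use: permit {name} {addrs}"))
            continue
        proto = IP_PROTO_NUMBERS.get(proto, proto)  # "permit 50 ..." also means ESP
        seen.add((proto, port))
    return findings, sorted(REQUIRED - seen, key=str)

# Constructed sample: the ACL from the question, with documentation addresses
# standing in for the x.x.x.x / y.y.y.y placeholders.
QUESTION_ACL = [
    "permit tcp 192.0.2.0 198.51.100.10 eq 50",
    "permit tcp 192.0.2.0 198.51.100.10 eq 51",
    "permit udp 192.0.2.0 198.51.100.10 eq 500",
    "permit udp 192.0.2.0 198.51.100.10 eq 4500",
]

if __name__ == "__main__":
    findings, missing = audit(QUESTION_ACL)
    for n, msg in findings:
        print(f"line {n}: {msg}")
    for proto, port in missing:
        print("missing: permit", proto, f"eq {port}" if port else "")
```
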

2 REPLIES
New Member

Re: Allowing Cisco VPN client through PIX

Thanks for the correction on the ACL.

The remote PIX isn't under my control so I'll pass that information to the other administrator.

Thanks for the fast reply.
