Ok, I have a cisco 1721 runing 12.4 advanced enterprise as my firewall/router, and terminates my dial in VPN. The vpn works, however I cannot ping addresses inside the remote lan unless i add the following line in my ACL on the internet facing interface: permit ip any any
I have already allowed udp 500, 4500, and 10000. When I do a show access-list inbound, I show a hitcount for isakmp, but not for 4500 or 10000, and notice an increasing number on the deny ip any any After I ping. Now when I put the permit any any it works. Is this a quick fix if not I will scrub my config and paste it in.
Adding permit ip any any generally allows all ip address with any ports thats why you se the count. You will find hit counts for Port 4500 only if you have NAT-T enabled and Port 10,000 for split tunneling.
I think I found my issue. I added a line for "permit ESP any any" and it seemed to fix it, even with out the permit ip any any. The funny thing is tho that I am not seeing any counters on the ACL line for permit esp any any but its working.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...