Cisco Support Community
New Member

connecting to external VPN concentrator through PIX firewall

Hi all, currently we have some consultants who need to access their network using their 3.6 clients on their laptops to connect to their 3000 concentrators over the Internet through our PIX. My problem is: what ports and protocols do I need to let pass through my PIX in order to give them the functionality that they need? Is it UDP 4500 and 10000? Here is an example of my outbound list: Anybody?

nat (inside) 1 192.168.3.0 255.255.255.0 0 0

outbound 10 deny 192.168.3.0 255.255.255.0 0 0

outbound 10 permit 192.168.3.36 255.255.255.255 10000 udp

outbound 10 permit 192.168.3.36 255.255.255.255 4500 udp

1 REPLY
Cisco Employee

Re: connecting to external VPN concentrator through PIX firewall

You'll need to allow UDP port 500 (ISAKMP), and then depending on whether they're using NAT-T (UDP port 4500) or IPSec over UDP (defaults to UDP port 10000) open either one of those.

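An added example, not part of the reply or the original thread: a small Python check that reads an `outbound` list in the layout the poster pasted and reports whether the UDP ports named in the reply are explicitly permitted for a given inside host. It looks only at explicit UDP permits and does not model how the PIX orders or applies the list; the function names are made up for this illustration.

```python
import ipaddress

# Ports named in the reply: ISAKMP always, plus one of the two encapsulations.
ISAKMP = 500
ENCAPSULATION_PORTS = (4500, 10000)  # NAT-T, IPSec over UDP (default port)

# The poster's outbound list, copied from the thread.
POSTED_LIST = """\
outbound 10 deny 192.168.3.0 255.255.255.0 0 0
outbound 10 permit 192.168.3.36 255.255.255.255 10000 udp
outbound 10 permit 192.168.3.36 255.255.255.255 4500 udp
"""

def permitted_udp_ports(config, host):
    """Return the UDP ports explicitly permitted for `host`.

    Assumes the line layout seen in the thread:
    outbound <id> permit|deny <ip> <mask> <port[-port]> <protocol>
    A port of 0 is not expanded to "all ports" here.
    """
    addr = ipaddress.ip_address(host)
    ports = set()
    for line in config.splitlines():
        fields = line.split()
        if len(fields) != 7 or fields[0] != "outbound" or fields[2] != "permit":
            continue
        ip, mask, port, proto = fields[3:]
        try:
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            low, _, high = port.partition("-")
            span = range(int(low), int(high or low) + 1)
        except ValueError:
            continue  # line does not parse as address/mask/port; skip it
        if proto == "udp" and addr in net:
            ports.update(span)
    return ports

def check_vpn_client_passthrough(config, host):
    """Compare the permits for `host` with the ports named in the reply."""
    ports = permitted_udp_ports(config, host)
    encaps = [p for p in ENCAPSULATION_PORTS if p in ports]
    missing = []
    if ISAKMP not in ports:
        missing.append(f"udp/{ISAKMP} (ISAKMP)")
    if not encaps:
        missing.append("udp/4500 (NAT-T) or udp/10000 (IPSec over UDP)")
    return {"encapsulations": encaps, "missing": missing}
```

Run against the list as posted, the check reports both encapsulation ports permitted for 192.168.3.36 and UDP 500 missing.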