
connecting to external VPN concentrator through PIX firewall

ppierre
Level 1

Hi all, currently we have some consultants who need to access their network using their 3.6 clients on their laptops to connect to their 3000 concentrators over the Internet through our PIX. My problem is what ports and protocols do I need to let pass through my PIX in order to give them the functionality that they need? Is it UDP 4500 and 10000? Here is an example of my outbound list: Anybody?

nat (inside) 1 192.168.3.0 255.255.255.0 0 0

outbound 10 deny 192.168.3.0 255.255.255.0 0 0

outbound 10 permit 192.168.3.36 255.255.255.255 10000 udp

outbound 10 permit 192.168.3.36 255.255.255.255 4500 udp

1 Reply

gfullage
Cisco Employee

You'll need to allow UDP port 500 (ISAKMP), and then depending on whether they're using NAT-T (UDP port 4500) or IPSec over UDP (defaults to UDP port 10000) open either one of those.
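Added example, not part of the original thread and not Cisco code: a Python model of the posted outbound list that checks whether the ports named in the reply can leave the client host. It assumes a simplified best-match evaluation (most specific mask wins, then a specific port over "any"), handles only single-port rules like those posted, and the UDP 500 permit line and all function names are constructed for illustration.

```python
import ipaddress

# Ports from the reply: IKE is always required, plus one encapsulation.
IKE = ("udp", 500)
ENCAPS = {"NAT-T": ("udp", 4500), "IPSec over UDP": ("udp", 10000)}

def parse_outbound(config):
    """Parse 'outbound <id> permit|deny <ip> <mask> <port> <proto>' lines."""
    rules = []
    for line in config.splitlines():
        f = line.split()
        if len(f) != 7 or f[0] != "outbound":
            continue  # not a single-port outbound rule
        net = ipaddress.ip_network(f"{f[3]}/{f[4]}", strict=False)
        rules.append((f[2], net, int(f[5]), f[6].lower()))  # port/proto 0 = any
    return rules

def allowed(rules, host, proto, port):
    """Assumed model: the best match decides (longest mask, then a
    specific port over 'any'). With no matching rule, outbound traffic
    from the inside interface is permitted by default."""
    addr = ipaddress.ip_address(host)
    hits = [r for r in rules
            if addr in r[1] and r[2] in (0, port) and r[3] in ("0", proto)]
    if not hits:
        return True
    best = max(hits, key=lambda r: (r[1].prefixlen, r[2] != 0))
    return best[0] == "permit"

def vpn_client_status(config, host):
    """Report whether IKE can leave, and which encapsulations are usable."""
    rules = parse_outbound(config)
    ike = allowed(rules, host, *IKE)
    usable = [name for name, (proto, port) in ENCAPS.items()
              if ike and allowed(rules, host, proto, port)]
    return {"ike_udp_500": ike, "usable_encapsulations": usable}

# Outbound list exactly as posted in the question.
POSTED = """\
outbound 10 deny 192.168.3.0 255.255.255.0 0 0
outbound 10 permit 192.168.3.36 255.255.255.255 10000 udp
outbound 10 permit 192.168.3.36 255.255.255.255 4500 udp
"""
# Constructed line in the same syntax, adding the ISAKMP port from the reply.
WITH_IKE = POSTED + "outbound 10 permit 192.168.3.36 255.255.255.255 500 udp\n"

if __name__ == "__main__":
    print(vpn_client_status(POSTED, "192.168.3.36"))
    print(vpn_client_status(WITH_IKE, "192.168.3.36"))
```

With the list as posted, UDP 500 from 192.168.3.36 falls under the subnet-wide deny, so IKE never starts and neither encapsulation port is reached; other hosts on 192.168.3.0/24 remain blocked in both versions.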
