Cisco Support Community
Community Member

Initiating VPN client connection from inside PIX to a remote VPN Gateway


I am facing a problem when initiating a VPN client connection from the inside network of the PIX firewall to a remote location that has a VPN gateway. A PIX 501 is used between the internet router and the local LAN, and internet access is enabled for the local users by enabling dynamic NAT (PAT) on the PIX firewall.

Are there any issues between VPN traffic and PAT, or does any specific traffic have to be enabled for the specific PAT public IP address? Please clarify on this issue.


Community Member

Re: Initiating VPN client connection from inside PIX to a remote

If you are trying to initiate a VPN connection from inside the firewall you will need to open some inbound ports.

Depending on the VPN server/client being used you will need to open either gre (for pptp), or udp port 500 (isakmp), as well as a port assigned on the server like udp 10000. Some will require esp and/or ahp.

The easiest way to tell which ports you need open, if you don't have access to the server or its configuration, is to check your syslog and see what's getting dropped when you try to make a connection.
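Added example, not part of the thread: one way to do the syslog check suggested above is to tally denied traffic by peer, protocol and destination port, then look at what was dropped from the VPN gateway's address. The sample lines are constructed with documentation addresses and are modelled on PIX deny messages 106006, 106010 and 106023; the exact wording in a given software version is an assumption, so adjust the patterns to the real log.

```python
import re
from collections import Counter

# Constructed sample log (documentation addresses); 192.0.2.10 stands for the PAT address.
SAMPLE_LOG = """\
%PIX-2-106006: Deny inbound UDP from 198.51.100.7/500 to 192.0.2.10/500 on interface outside
%PIX-3-106010: Deny inbound protocol 50 src outside:198.51.100.7 dst outside:192.0.2.10
%PIX-4-106023: Deny udp src outside:198.51.100.7/10000 dst inside:192.0.2.10/10000 by access-group "acl_out"
%PIX-3-106010: Deny inbound protocol 47 src outside:198.51.100.9 dst outside:192.0.2.10
%PIX-6-305011: Built dynamic UDP translation from inside:10.0.0.5/500 to outside:192.0.2.10/1025
%PIX-3-106010: Deny inbound protocol 50 src outside:198.51.100.7 dst outside:192.0.2.10
"""

# IP protocol numbers that matter for VPN clients: GRE (PPTP), ESP and AH (IPsec).
IP_PROTO = {"47": "gre", "50": "esp", "51": "ah"}

PATTERNS = [
    # 106006 style: Deny inbound UDP from A/port to B/port
    re.compile(r"Deny inbound (?P<proto>UDP) from (?P<src>[\d.]+)/\d+ to [\d.]+/(?P<dport>\d+)"),
    # 106010 style: Deny inbound protocol N src if:A dst if:B (no ports)
    re.compile(r"Deny inbound protocol (?P<proto>\d+) src \S+?:(?P<src>[\d.]+)"),
    # 106023 style: Deny proto src if:A/port dst if:B/port by access-group
    re.compile(r"Deny (?P<proto>[a-z]+) src \S+?:(?P<src>[\d.]+)/\d+ dst \S+?:[\d.]+/(?P<dport>\d+)"),
]

def summarize_denies(log_text):
    """Count dropped traffic as (peer, protocol, dst_port) -> hits."""
    hits = Counter()
    for line in log_text.splitlines():
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                g = m.groupdict()
                proto = IP_PROTO.get(g["proto"], g["proto"].lower())
                hits[(g["src"], proto, g.get("dport"))] += 1
                break  # first matching pattern wins; non-deny lines match none
    return hits

def drops_for_peer(hits, peer):
    """Protocols/ports dropped from one peer (the VPN gateway), most frequent first."""
    rows = [(n, p, d) for (s, p, d), n in hits.items() if s == peer]
    rows.sort(key=lambda r: (-r[0], r[1], r[2] or ""))
    return [f"{p}/{d}" if d else p for n, p, d in rows]

if __name__ == "__main__":
    print(drops_for_peer(summarize_denies(SAMPLE_LOG), "198.51.100.7"))
```
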

