Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPSEC Client trough the pix firewall

Hi,

How can I allow my users behind a pix firewall with NAT/PAT to start a vpn connection to outside? Any help will be appreciated

2 REPLIES
Gold

Re: IPSEC Client trough the pix firewall

it also depends on the kind of vpn, ipsec or pptp?

assuming internet connectiviy is active for the inside host, and no outbound restriction.

for ipsec, an inbound acl maybe required in permitting the followings:

udp 500

udp 4500

esp

for pptp, all required is the fixup protocol command:

fixup protocol pptp 1723

New Member

Re: IPSEC Client trough the pix firewall

Hi

The technique that you use is largely dependant on the specific VPN client and the device they are connecting too. If the client is the Cisco VPN client and the device supports NAT Transversal or IPSec/UDP, you shouldn't really have to do anything.

However, many VPN solutions do not support these features. In these cases you may have to create a static nat between the PC and an available outside IP.

108
Views
0
Helpful
2
Replies