
IPSEC Client through the PIX firewall

sfanayei
Level 1

Hi,

How can I allow my users behind a PIX firewall with NAT/PAT to start a VPN connection to the outside? Any help will be appreciated.

2 Replies

jackko
Level 7

It also depends on the kind of VPN: IPsec or PPTP?

Assuming internet connectivity is active for the inside host, and no outbound restriction.

For IPsec, an inbound ACL may be required to permit the following:

udp 500

udp 4500

esp

For PPTP, all that is required is the fixup protocol command:

fixup protocol pptp 1723

brad
Level 1

Hi

The technique that you use is largely dependent on the specific VPN client and the device they are connecting to. If the client is the Cisco VPN client and the device supports NAT Traversal or IPSec/UDP, you shouldn't really have to do anything.

However, many VPN solutions do not support these features. In these cases you may have to create a static NAT between the PC and an available outside IP.