11-11-2005 05:27 AM - edited 02-21-2020 02:05 PM
Hi,
How can I allow my users behind a pix firewall with NAT/PAT to start a vpn connection to outside? Any help will be appreciated
11-12-2005 03:39 AM
it also depends on the kind of vpn, ipsec or pptp?
assuming internet connectiviy is active for the inside host, and no outbound restriction.
for ipsec, an inbound acl maybe required in permitting the followings:
udp 500
udp 4500
esp
for pptp, all required is the fixup protocol command:
fixup protocol pptp 1723
11-14-2005 05:16 PM
Hi
The technique that you use is largely dependant on the specific VPN client and the device they are connecting too. If the client is the Cisco VPN client and the device supports NAT Transversal or IPSec/UDP, you shouldn't really have to do anything.
However, many VPN solutions do not support these features. In these cases you may have to create a static nat between the PC and an available outside IP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide