My access lists have names/numbers. Do I create a new group with a name, or is "inside" the name above? Also, above you specify . Would I have to set this up for each host that is running the Nortel client? Can I specify a subnet so that all my users could potentially run this VPN client?
The "inside" is the name. Also, you are saying that you have a mixture of names and numbers - correct? You can use numbers if you like, but I find it better with names. How many inside clients have you got? If all your clients are on the same subnet, say 192.168.10.10, then you could write the ACL as -
access-list inside remark IKE from the Nortel client subnet (ISAKMP is UDP 500, not TCP)
access-list inside permit udp 192.168.10.0 255.255.255.0 any eq 500
access-list inside remark Nortel NAT traversal (UDP 10000); no 'host' keyword when a mask follows
access-list inside permit udp 192.168.10.0 255.255.255.0 any eq 10000
access-list inside permit ip any any
access-group inside in interface inside
Also, here's a good document on ACLs - one thing to remember is that on routers you use 'wildcard masks', i.e. on a router ACL 255.255.255.0 will be 0.0.0.255, while on PIX it will not, i.e. it stays 255.255.255.0 - all explained in this document:
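To make the mask point concrete, here is an added Python helper (not from this thread or from Cisco) that takes the client subnet and the two Nortel ports above and emits the same permits in PIX form (ordinary subnet mask) and in IOS router form (wildcard mask), rejecting non-contiguous masks. The ACL name "inside" and the 192.168.10.0/24 subnet are taken from the thread; everything else is an assumption.

```python
import ipaddress

# Ports the thread permits for the Nortel client: IKE on UDP/500 and
# Nortel NAT traversal on UDP/10000.
VPN_RULES = (("udp", 500), ("udp", 10000))


def wildcard_mask(netmask: str) -> str:
    """Convert a PIX-style subnet mask into an IOS-style wildcard mask.

    The wildcard is the bitwise inverse of the mask, so 255.255.255.0
    becomes 0.0.0.255. Masks that are not a run of ones followed by
    zeros are rejected, since they would silently match the wrong hosts.
    """
    mask = int(ipaddress.IPv4Address(netmask))
    inverted = mask ^ 0xFFFFFFFF
    # For a contiguous mask the inverted value is 2^n - 1, so adding one
    # clears every bit; any leftover bit means a hole in the mask.
    if (inverted + 1) & inverted:
        raise ValueError(f"{netmask} is not a contiguous subnet mask")
    return str(ipaddress.IPv4Address(inverted))


def pix_acl(name: str, subnet: str, netmask: str) -> list[str]:
    """PIX/ASA form: network address followed by its ordinary subnet mask.

    Note there is no 'host' keyword; 'host' is only for a single /32 address.
    strict=True rejects a subnet with host bits set (e.g. 192.168.10.10/24).
    """
    net = ipaddress.IPv4Network(f"{subnet}/{netmask}", strict=True)
    lines = [f"access-list {name} permit {proto} {net.network_address} {netmask} any eq {port}"
             for proto, port in VPN_RULES]
    lines.append(f"access-list {name} permit ip any any")
    lines.append(f"access-group {name} in interface inside")
    return lines


def ios_acl(name: str, subnet: str, netmask: str) -> list[str]:
    """IOS router form: the same rules written with a wildcard mask."""
    net = ipaddress.IPv4Network(f"{subnet}/{netmask}", strict=True)
    wc = wildcard_mask(netmask)
    lines = [f"ip access-list extended {name}"]
    lines += [f" permit {proto} {net.network_address} {wc} any eq {port}"
              for proto, port in VPN_RULES]
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    print("\n".join(pix_acl("inside", "192.168.10.0", "255.255.255.0")))
    print("\n".join(ios_acl("inside", "192.168.10.0", "255.255.255.0")))
```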