03-18-2004 10:43 AM - edited 02-21-2020 01:04 PM
I have a small company with a single PIX that seems to be blocking outbound VPN connections. The company's professional services dept needs to connect to other company networks using the other companies' VPN clients (mostly Cisco).
I didn't set up this firewall; an administrator before me did. What should I be looking for as far as filtering?
03-18-2004 10:47 AM
You should be looking to give us more info ;-)
Are you using NAT/PAT?
Look for any "access-group xxxxx in interface inside" commands. If there is one that references the inside interface, that is the one that would impact outbound communication the most.
03-18-2004 10:54 AM
Yes, all the internal networks are using NAT. What ports/services would have to be filtered to block this traffic?
03-18-2004 11:40 AM
For IPsec, UDP 500 and the ESP and AH protocols (IP protocols 50 and 51 respectively). For PPTP, GRE and a TCP port whose number I cannot recall.
That said, do you know for certain the VPN solution will work from behind NAT?
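An added example, not part of the thread: a small Python check that finds the ACL bound to the inside interface and reports, by first match, whether it lets the protocols named above (UDP 500, ESP, AH, GRE) out. The configuration is a constructed sample with hypothetical ACL names, and the parser assumes every entry is any-to-any and understands only the `eq` port operator.

```python
import re

# Constructed sample in PIX-style syntax; ACL names are hypothetical.
SAMPLE_CONFIG = """\
access-list inside_out permit tcp any any eq www
access-list inside_out permit udp any any eq domain
access-list inside_out permit udp any any eq isakmp
access-list inside_out deny ip any any
access-list outside_in permit icmp any any echo-reply
access-group inside_out in interface inside
access-group outside_in in interface outside
"""

# Traffic named in the thread: (label, protocol keywords, destination ports or None).
VPN_TRAFFIC = [
    ("IKE (udp 500)", {"udp"}, {"500", "isakmp"}),
    ("ESP (ip proto 50)", {"esp", "50"}, None),
    ("AH (ip proto 51)", {"ah", "51"}, None),
    ("GRE (ip proto 47)", {"gre", "47"}, None),
]

def inside_acl(config):
    """Name of the ACL applied inbound on the inside interface, or None."""
    m = re.search(r"^access-group[ \t]+(\S+)[ \t]+in[ \t]+interface[ \t]+inside\s*$", config, re.M)
    return m.group(1) if m else None

def check_outbound_vpn(config):
    """First-match verdict per VPN traffic type for the inside ACL."""
    name = inside_acl(config)
    if name is None:  # no ACL bound to inside, so no ACL filters outbound traffic
        return {label: "permit (no ACL on inside)" for label, _, _ in VPN_TRAFFIC}
    pattern = rf"^access-list[ \t]+{re.escape(name)}[ \t]+(permit|deny)[ \t]+(\S+)[ \t]*(.*)$"
    entries = re.findall(pattern, config, re.M)
    result = {}
    for label, protos, ports in VPN_TRAFFIC:
        verdict = "deny (implicit)"  # an ACL ends with an implicit deny
        for action, proto, rest in entries:
            if proto != "ip" and proto not in protos:
                continue  # entry is for another protocol
            eq = re.findall(r"\beq\s+(\S+)", rest)
            if proto != "ip" and ports and eq and eq[-1] not in ports:
                continue  # same protocol, different destination port
            verdict = action
            break
        result[label] = verdict
    return result

if __name__ == "__main__":
    for label, verdict in check_outbound_vpn(SAMPLE_CONFIG).items():
        print(f"{label:20} {verdict}")
```

On the sample, IKE is permitted while ESP, AH and GRE hit the `deny ip any any` entry, the case where a tunnel negotiates but carries no traffic.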
03-18-2004 11:49 AM
No, I guess I am not sure if it will work from behind NAT, but never thought that to be a problem.
Half of this company's employees, including myself, have home wireless routers that use NAT. We all connect to our company's VPN fine from 192.168.x.x.
Is there something more to VPN and NAT that I should know about?