Re: Outbound VPN Connections-Firewall Newbie

henrysacco · ‎03-18-2004

I have a small company with a single pix that seems to be blocking outbound vpn connections. The companies professional services dept need to connect to other company networks using the other companies vpn clients (mostly cisco).

I didnt set up this firewall, an administrator before me did. What should i be looking for as far as filtering?

mostiguy · ‎03-18-2004

you should be looking to give us more info ;-)

Are you using NAT/PAT?

Look for any "access-group xxxxx in interface inside " commands. If there is one that references the inside interface, that is the one that would impact outbound communication the most.

henrysacco · ‎03-18-2004

Yes, all the internal networks are using NAT. What ports/services would have to be filtered to block this traffic?

mostiguy · ‎03-18-2004

for ipsec, udp 500 and esp and ah protocols (ip protocols 50 and 51 respectively). for pptp, gre and a tcp port whose number i cannot recall.

that said, do you know for certain the vpn solution will work from behind nat?

henrysacco · ‎03-18-2004

No, i guess i am not sure if it will work from behind nat, but never thought that to be a problem.

Half of this company employees, including myself have home wireless routers that use nat. We all connect our our companies vpn fine from 192.168.x.x.

Is there something more to vpn and nat that i should know about?