03-01-2006 08:41 AM - edited 02-21-2020 02:17 PM
I have a PIX 525 ver 6.3(2). I have some consultants who want me to allow them to VPN out of the network to their VPN Concentrator 3000 (which I have very little information about). What ports do I open to allow this?
03-07-2006 11:36 AM
Use Client Address; Check this box to let the client specify its own IP address. For maximum security, we recommend that you control IP address assignment and not use client-specified IP addresses. Do not check only this box if you are using IPSec, since IPSec does not allow client-specified IP addresses.
Make sure the setting here is consistent with the setting for Use Client Address on the PPTP/L2TP Parameters tab on the User Management | Base Group screen. A different Use Client Address setting for specific groups and users overrides the setting here and on the base group screen.
03-07-2006 12:07 PM
I am not sure if this command is implemented in 6.3.2, but try it on the CLI if it exists.
fixup protocol esp-ike
The fixup protocol esp-ike command enables PAT for Encapsulating Security Payload (ESP), single tunnel.
The fixup protocol esp-ike command is disabled by default. If a fixup protocol esp-ike command is issued, the fixup is turned on, and the firewall preserves the source port of the Internet Key Exchange (IKE) and creates a PAT translation for ESP traffic. Additionally, if the esp-ike fixup is on, ISAKMP cannot be turned on any interface.
Sincerely,
Patrick