

PIX 6.4 allowing pass-through ipsec for windows2003

Hello,

I have set up IPsec between two servers to pass through the firewall.

I had to allow both directions from host to host on TCP/UDP 500 and 88, and had to put an 'ip any' access-list entry in as well to make it work.

The question is: we are using PIX 6.4 and I have not found the command to specify in the ACL to allow only IP port 50 and 51, so I had to open the entire IP protocol.

Could anyone send me a link if there is an option to reduce the number of ports for a 'permit ip' statement in PIX 6.4?

Thanks

3 REPLIES

Re: PIX 6.4 allowing pass-through ipsec for windows2003

To allow port ESP 50, just use:

access-list extended permit ESP any any

To allow port AH 51, just use:

access-list extended permit AH any any
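
The complete tightened ACL for the host-to-host IPsec case in the question, as an added example that is not part of the thread. The addresses (10.1.1.10 inside, 192.0.2.20 outside), the interface names and the ACL names are assumed; replace them with your own. Two points worth knowing when typing this into PIX 6.x: the first token after `access-list` is the ACL name, and `extended` is not a keyword in 6.x (it only appears in 7.0 and ASA), so `access-list extended permit esp any any` simply creates an ACL called `extended`; and IKE runs on UDP 500 only, so the TCP 500 entry from the question is not needed.

```cisco
! Added example, not from the thread. Addresses, interface names and ACL
! names are assumed; replace them with your own.
! Inside Windows 2003 server: 10.1.1.10   Outside peer: 192.0.2.20
!
! Host-to-host IPsec needs exactly these to pass through the PIX:
!   IKE   UDP 500  (UDP only; there is no TCP 500)
!   ESP   IP protocol 50
!   AH    IP protocol 51
! plus Kerberos (TCP/UDP 88) if the two servers authenticate with Kerberos.
!
! Identity static: the inbound ACL can then name the real inside address, and
! no PAT is applied to the server. ESP carries no ports for PAT to rewrite,
! and AH authenticates the IP header, so any address change breaks it.
static (inside,outside) 10.1.1.10 10.1.1.10 netmask 255.255.255.255 0 0

! Inbound on the outside interface (outside peer -> inside server).
! Use numeric 88: the PIX port literal "kerberos" means 750, not 88.
access-list outside_in permit udp host 192.0.2.20 host 10.1.1.10 eq 500
access-list outside_in permit esp host 192.0.2.20 host 10.1.1.10
access-list outside_in permit ah  host 192.0.2.20 host 10.1.1.10
access-list outside_in permit tcp host 192.0.2.20 host 10.1.1.10 eq 88
access-list outside_in permit udp host 192.0.2.20 host 10.1.1.10 eq 88
access-group outside_in in interface outside

! Outbound on the inside interface (inside server -> outside peer).
! Only needed if you filter inside-to-outside; with no ACL bound to inside
! the PIX permits that direction by default. If inside already has an ACL,
! add these entries to that ACL instead of binding a new one.
access-list inside_out permit udp host 10.1.1.10 host 192.0.2.20 eq 500
access-list inside_out permit esp host 10.1.1.10 host 192.0.2.20
access-list inside_out permit ah  host 10.1.1.10 host 192.0.2.20
access-list inside_out permit tcp host 10.1.1.10 host 192.0.2.20 eq 88
access-list inside_out permit udp host 10.1.1.10 host 192.0.2.20 eq 88
access-group inside_out in interface inside
```

After applying it, run `clear xlate` so the new static takes effect, then start traffic between the servers and watch `show access-list outside_in`: the hitcnt on the UDP 500 line should move first (IKE), followed by the ESP line once the SAs are up. If the hitcnt on the ESP line stays at zero while IKE keeps retrying, look for a NAT device between the two hosts: Windows 2003 then switches IKE and ESP to UDP 4500 (NAT-T), which would need its own `eq 4500` entries, and AH cannot be used across NAT at all.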


Re: PIX 6.4 allowing pass-through ipsec for windows2003

Worked wonders, thanks a lot, exactly what I was looking for.

Is there a guide on the Cisco side, such as a best-practice guide for FW ACLs? I can't find anything concise as of yet.

Thanks for your help, Anna


Re: PIX 6.4 allowing pass-through ipsec for windows2003

Hi Anna. There are several materials covering just basic ACL design (not specific to firewalls), but it's pretty much the same concept. The one that I used is from O'Reilly, called "Cisco IOS Access List".

Glad I could help.

Jerome
