
New Member

simple ACL question to allow VPN client through

Hi - I have a simple question. A machine on our network is running the Nortel Contivity software VPN client. The machine is NATted on our Cisco 2610 router. I want to create an access-list entry to allow VPN traffic to and from this machine to a particular IP address on the Internet. The VPN client uses IPSec and ISAKMP key exchange.

Make sense? Anyone know the line? I have the IP Firewall IOS (but do not have CBAC turned on just yet - just the access lists).

3 REPLIES
Cisco Employee

Re: simple ACL question to allow VPN client through

Depends on which way your ACL is set up, inbound or outbound. Basically you want to allow the following:

> access-list 100 permit udp eq isakmp

> access-list 100 permit esp

> access-list 100 permit ahp

If this is applied inbound on your Internet-facing interface, then will be the Nortel VPN gateway and will be the Nortel VPN client's NAT address. Keep in mind that for this to work properly you'll probably need a one-to-one NAT translation for this internal VPN PC.

New Member

Re: simple ACL question to allow VPN client through

Another stupid question, I guess - I'm getting '% incomplete command' after typing in that first permit udp line. I type in the as an IP address and as another; should I be putting in netmasks (or inverse masks)? I'm rather new at this.

Cisco Employee

Re: simple ACL question to allow VPN client through

Oops, sorry about that, that's two typos I made yesterday, I must be getting rusty.

What you need to enter is:

> access-list 100 permit udp host host eq isakmp

> access-list 100 permit esp host host

> access-list 100 permit ahp host host

Sorry about that.
