Recently I got the troublesome task to manage an existing (and messy) network.
The network is protected by a PIX 515e, and I'm having trouble allowing VPN connections to pass through it. As a matter of fact, I cannot even allow the users to ping hosts on the internet, despite the fact that the ACLs seem to be fine.
Let me post the config here; some of you might be able to point out the error.
Also, I'm not 100% familiar with this config, since I did not make it, and there are devices (the router, for example) which are not managed by me, and thus I cannot access.
Right now I can't test your suggestion, but will do in the morning. However, as far as I know, UDP port 500 is needed for ISAKMP/IPSEC Key Management.
Am I not supposed to open TCP port 1723 also? PPTP Control Connection needs it, AFAIK. Correct me if I'm wrong.
I'm not certain I fully understand the global pool and the nat statements, since I never had to deal with them. Of course I'll look over the subject in my references, but I'd appreciate it if you could explain it in a bit more detail.