Cisco Support Community

VPN from Internal Network to External - PIX 501

I've got a complex network that I'm trying to VPN from within to an external network at a remote site that is directly on the internet.

I was able to get the setup to work properly in a test environment, but it won't work from the Internet or from my internal network. I suspect there's a firewall on my ISP's network that is getting in the way, though I want to ensure I've covered all the bases on my end.

To clarify in more detail, I've actually set up two different VPNs. The PPTP version works from the internet, but not the internal network because GRE is blocked from my ISP's FW (I've confirmed that with them and they are unwilling to change). The L2TP/IPSEC VPN works in my test lab, but not on the Internet or from my Internal Network.

The client is a WinXP VPN client. The VPN server is the PIX 501 at the remote site hung on an IDSL router.

My guess is the IDSL router may not support IPSEC or my ISP's FWs may be blocking the traffic, just like with PPTP.

I'd like to confirm my config, to ensure I'm not missing anything and potentially get ideas that could help me bypass the FWs. The ISP told me that it ought to work using UDP Port 10000 for the IPSEC or IKE, but I don't know if that can be configured in a 501.

I appreciate anyone's help and advice.

Let me know if you need more information on my network.