Cisco Support Community
New Member

VPN Passthrough question

How do I allow VPN passthrough on my ASA 5505? I believe I need to allow at least ports 500 udp and 4500 udp and port 50 TCP??

Can someone please give an example of the correct access-list needed.

Thank you in advance.

CEJ

2 REPLIES
Gold

Re: VPN Passthrough question

here's a generic config for enabling ipsec passthru...

class-map ike_traffic
 match port udp eq 500
policy-map global_policy
 class ike_traffic
  inspect ipsec-pass-thru
access-list outside_in permit udp any any eq 500
access-group outside_in in interface outside

------------------

just to be sure, you have a vpn device behind (internal to) the asa 5505 and you're not terminating vpn's on the 5505?
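
As an added example (not part of the original thread and not Cisco's code), this Python check reports which IPsec-related flows the configuration in the reply above admits on the ACL bound inbound to the outside interface: IKE on UDP 500, NAT-T on UDP 4500, ESP (an IP protocol, number 50, matched by protocol name rather than by a TCP/UDP port), and whether `inspect ipsec-pass-thru` is present. The function name `ipsec_coverage` and its result keys are hypothetical, and it assumes ACL entries that end in an `eq <port>` destination match.

```python
import re

# Constructed sample input: the configuration lines quoted in the reply above.
SAMPLE_CONFIG = """\
class-map ike_traffic
 match port udp eq 500
policy-map global_policy
 class ike_traffic
  inspect ipsec-pass-thru
access-list outside_in permit udp any any eq 500
access-group outside_in in interface outside
"""

PORT_NAMES = {"isakmp": "500"}  # the ASA displays UDP port 500 as "isakmp"
GROUP = re.compile(r"access-group (\S+) in interface (\S+)$")
ACE = re.compile(r"access-list (\S+) (?:extended )?permit (\S+) (.+)$")


def ipsec_coverage(config, interface="outside"):
    """Report what the ACL applied inbound on `interface` permits for IPsec."""
    # Normalise whitespace so indented sub-commands compare cleanly.
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    # Find the ACL name bound inbound to the interface (None if unbound).
    acl = next((m.group(1) for m in map(GROUP.match, lines)
                if m and m.group(2) == interface), None)
    found = {"acl": acl, "ike_udp_500": False, "natt_udp_4500": False,
             "esp_in_acl": False,
             "ipsec_pass_thru": "inspect ipsec-pass-thru" in lines}
    for m in filter(None, map(ACE.match, lines)):
        name, proto, rest = m.group(1), m.group(2), m.group(3).split()
        if name != acl:
            continue
        if proto in ("esp", "50"):  # ESP is an IP protocol; it has no ports
            found["esp_in_acl"] = True
        elif proto == "udp" and len(rest) >= 2 and rest[-2] == "eq":
            # A trailing "eq <port>" is the destination-port match.
            port = PORT_NAMES.get(rest[-1], rest[-1])
            found["ike_udp_500"] |= port == "500"
            found["natt_udp_4500"] |= port == "4500"
    return found


if __name__ == "__main__":
    for key, value in ipsec_coverage(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```
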

New Member

Re: VPN Passthrough question

Thank you srue for your response. I have tried working with the config you posted, but I have not had success so far.

To your question, I am hoping to use the Cisco software VPN client as the endpoint behind the asa 5505.

I am trying to avoid terminating on the 5505 itself, as I would prefer no auto connect, and also want to limit vpn access only to computers with the software client installed.

Is this a logical pursuit?

Thanks

CEJ
