03-11-2008 08:22 AM - edited 02-21-2020 03:37 PM
How do I allow VPN passthrough on my ASA 5505? I believe I need to allow at least ports 500 udp and 4500 udp and port 50 TCP??
Can someone please give an example of the correct access-list needed?
Thank you in advance.
CEJ
03-11-2008 11:19 AM
here's a generic config for enabling ipsec passthru...
class-map ike_traffic
 match port udp eq 500
policy-map global_policy
 class ike_traffic
  inspect ipsec-pass-thru
access-list outside_in permit udp any any eq 500
access-group outside_in in interface outside
------------------
just to be sure, you have a vpn device behind (internal to) the asa 5505 and you're not terminating vpns on the 5505?
03-11-2008 01:02 PM
Thank you srue for your response. I have tried working with the config you posted, but I have not had success so far.
To your question, I am hoping to use the Cisco software VPN client as the endpoint behind the asa 5505.
I am trying to avoid terminating on the 5505 itself, as I would prefer no auto connect, and also want to limit vpn access only to computers with the software client installed.
Is this a logical pursuit?
Thanks
CEJ