12-06-2001 06:50 AM - edited 02-21-2020 11:31 AM
I installed a PIX 515 and now have a user that cannot access a site via VPN that worked previously. What configuration changes would I need to allow outgoing VPN traffic only?
Thanks, Joe
12-06-2001 11:01 PM
Normally you would allow UDP/500 for ISAKMP.
Also protocol 50 for ESP or protocol 51 for AH, depending on what transform you are using (or both).
12-20-2001 08:49 AM
Are you using NAT? If the inside user is launching the VPN client from their desktop computer and the PIX is performing address translation, then the SA will be broken and the VPN session will fail. You cannot alter a secure encapsulated packet and expect it to work.
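The NAT point above, for the AH case (protocol 51) named earlier in the thread, as an added example that is not part of the original posts: a simplified Python model of an AH-style integrity check (HMAC-SHA1-96 over the IPv4 header with its mutable fields zeroed, plus the payload). The key, addresses and payload are constructed, and the AH header itself is left out of the hash input for brevity.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"          # constructed sample key
PAYLOAD = b"constructed inner payload"  # constructed sample data

def ipv4_header(src, dst, ttl=64, proto=51):
    """Pack a minimal 20-byte IPv4 header (protocol 51 = AH, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(PAYLOAD), 0x1234,
                       0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def zero_mutable(header):
    """Zero the fields routers may legitimately change in transit."""
    h = bytearray(header)
    h[1] = 0                 # TOS
    h[6:8] = b"\x00\x00"     # flags + fragment offset
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)

def icv(key, header, payload):
    """Integrity check value: HMAC-SHA1 truncated to 96 bits."""
    return hmac.new(key, zero_mutable(header) + payload, hashlib.sha1).digest()[:12]

def verify(key, header, payload, received_icv):
    return hmac.compare_digest(icv(key, header, payload), received_icv)

def route_hop(header):
    """An ordinary router hop: only the TTL changes."""
    h = bytearray(header)
    h[8] -= 1
    return bytes(h)

def nat_rewrite(header, new_src):
    """Address translation: the source address (bytes 12-15) is replaced."""
    h = bytearray(header)
    h[12:16] = socket.inet_aton(new_src)
    return bytes(h)

# Inside client 10.0.0.5 sends to a peer at 198.51.100.10 (constructed addresses).
sent = ipv4_header("10.0.0.5", "198.51.100.10")
sent_icv = icv(KEY, sent, PAYLOAD)

after_hop = route_hop(sent)                   # TTL decrement only
after_nat = nat_rewrite(sent, "192.0.2.1")    # firewall translates the source

print("after router hop:", verify(KEY, after_hop, PAYLOAD, sent_icv))
print("after NAT       :", verify(KEY, after_nat, PAYLOAD, sent_icv))
```

The TTL change survives because that field is excluded from the hash; the translated source address does not, so the receiver discards the packet.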