Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
367
Views
0
Helpful
2
Replies

VPN through a PIX 515

jingram
Level 1
Level 1

‎12-06-2001 06:50 AM - edited ‎02-21-2020 11:31 AM

I installed a PIX 515 and now have a user that cannot access a site via VPN that worked previously. What configuration changes would I need to allow outgoing VPN traffic only?

Thanks, Joe

Labels:
0 Helpful
2 Replies 2

cjacinto
Cisco Employee
Cisco Employee

‎12-06-2001 11:01 PM

normally you would allow udp/500 for isakmp

also protocol 50 for esp or protocol 51 for ah depending on what transform you are using (or both).

0 Helpful

geraldmarr
Level 1
Level 1

‎12-20-2001 08:49 AM

Are you using NAT? If the inside user is launching the VPN client from their desktop computer and the PIX is performing address translation then the SA will be broken and the VPN session will fail. You cannot alter a secure encapsulated packet and expect it to work.

0 Helpful
Customers Also Viewed These Support Documents