connecting to external VPN concentrator through PIX firewall

ppierre
Level 1

Hi all, currently we have some consultants who need to access their network using their 3.6 clients on their laptops to connect to their 3000 concentrators over the Internet through our PIX. My problem is what ports and protocols do I need to let pass through my PIX in order to give them the functionality that they need? Is it UDP 4500 and 10000? Here is an example of my outbound list: Anybody?

nat (inside) 1 192.168.3.0 255.255.255.0 0 0

outbound 10 deny 192.168.3.0 255.255.255.0 0 0

outbound 10 permit 192.168.3.36 255.255.255.255 10000 udp

outbound 10 permit 192.168.3.36 255.255.255.255 4500 udp

1 Reply

shannong
Level 4

It depends on how the remote concentrator is configured. If NAT-T is configured, then you'll need to allow UDP/4500 out but not 10000. The port number specified in the VPN group is only used when NAT-T is not turned on.

-Shannon
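
The rule in the reply, applied to the outbound list from the question, as an added example that is not part of either post. It reads the host-specific `permit` lines and reports which of the two UDP ports discussed in the thread is missing or could be dropped. Assumptions: the group UDP port is 10000 as in the question, the function names are hypothetical, and the script does not model how the PIX itself evaluates the list or cover any other traffic the client may need.

```python
import re

# Constructed sample: the outbound lines quoted in the question above.
SAMPLE_CONFIG = """\
outbound 10 deny 192.168.3.0 255.255.255.0 0 0
outbound 10 permit 192.168.3.36 255.255.255.255 10000 udp
outbound 10 permit 192.168.3.36 255.255.255.255 4500 udp
"""

# Matches lines of the shape shown in the question:
# outbound <id> permit|deny <ip> <mask> <port>[-<port>] <protocol>
RULE = re.compile(
    r"^outbound\s+\d+\s+(?P<action>permit|deny)\s+(?P<ip>\S+)\s+(?P<mask>\S+)"
    r"\s+(?P<port>\d+)(?:-(?P<end>\d+))?\s+(?P<proto>\S+)\s*$"
)


def permitted_udp_ports(config, host):
    """Return the UDP ports explicitly permitted for a single host address."""
    ports = set()
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if not m or m["action"] != "permit":
            continue
        # Only host entries (mask 255.255.255.255) for the requested address.
        if m["ip"] != host or m["mask"] != "255.255.255.255":
            continue
        if m["proto"].lower() != "udp":
            continue
        start = int(m["port"])
        end = int(m["end"] or start)
        ports.update(range(start, end + 1))
    return ports


def review(config, host, nat_t, group_udp_port=10000):
    """Compare permitted UDP ports with what the reply says is needed.

    nat_t=True  -> UDP/4500 is needed, the group port is not.
    nat_t=False -> the UDP port set in the VPN group is the one in use.
    """
    needed = {4500} if nat_t else {group_udp_port}
    allowed = permitted_udp_ports(config, host)
    return {"missing": sorted(needed - allowed),
            "unneeded": sorted(allowed - needed)}


if __name__ == "__main__":
    for mode in (True, False):
        print("NAT-T" if mode else "group UDP port",
              review(SAMPLE_CONFIG, "192.168.3.36", nat_t=mode))
```

Whichever port shows up under `unneeded` for the mode the remote concentrator actually uses is a candidate for removal from the outbound list.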