Nortel VPN client behind cisco pix firewall

Hi,

I am trying to connect to a VPN gateway using the Nortel Contivity VPN client. I have NAT'ed the IP address of the client and allowed UDP port 500 and IP 50 & 51 on the PIX firewall for the client to connect to the VPN gateway.

The ACL was as follows:

access-list acl_out permit udp host <nat`ed IP> host <vpn_gateway_ip> eq 500

access-list acl_out permit 50 host <nat`ed IP> host <vpn_gateway_ip>

access-list acl_out permit 50 host <nat`ed IP> host <vpn_gateway_ip>

With the above ACL, the client was not able to connect to the remote Nortel VPN server.

Then I reversed the ACL as follows, after which the client was successfully able to connect.

access-list acl_out permit udp host <vpn_gateway_ip> host <nat`ed IP> eq 500

access-list acl_out permit 50 host <vpn_gateway_ip> host <nat`ed IP>

access-list acl_out permit 51 host <vpn_gateway_ip> host <nat`ed IP>

In the past I have successfully used Check Point & Cisco VPN clients to connect with the above ACL.

Is there anything specific about Nortel, or am I missing something?

Thanks

Regards

Mahavir

1 REPLY
Silver

Re: Nortel VPN client behind cisco pix firewall

As the VPN should connect in both directions, you need to open UDP port 500 and protocols 50 and 51 on the outside interface. Give a static translation for your inside hosts. Hope this helps.
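The configuration the reply describes, written out as an added example (not posted by either participant). It assumes acl_out is bound inbound to the outside interface, which is why the source must be the VPN gateway and the destination the NAT'ed address; all three addresses are constructed documentation-range placeholders.

```text
: Constructed placeholder addresses, not taken from the thread:
:   192.168.1.10  = inside address of the VPN client PC
:   203.0.113.10  = NAT'ed (global) address of that client
:   198.51.100.1  = remote Nortel VPN gateway

: One-to-one static translation so the gateway can reach the client
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255

: Packets arriving on the outside interface carry the gateway as
: source and the NAT'ed client address as destination.
: IKE (UDP 500), ESP (IP protocol 50) and AH (IP protocol 51):
access-list acl_out permit udp host 198.51.100.1 host 203.0.113.10 eq 500
access-list acl_out permit 50 host 198.51.100.1 host 203.0.113.10
access-list acl_out permit 51 host 198.51.100.1 host 203.0.113.10

: Assumption: the ACL is applied to traffic entering the outside interface
access-group acl_out in interface outside
```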
