Cisco Support Community
Community Member

VPN Client from inside

What do I have to configure to let an inside user start a client VPN connection with transport tunneling (IPsec over UDP) through a PIX to another PIX? From outside it is working fine, but from inside transport tunneling is inactive.

Regards

Helmut

3 REPLIES

Re: VPN Client from inside

Hi Helmut,

If your users are using the Cisco VPN client, you need to allow the IPsec VPN ports through on your inside interface.

The IPsec VPN ports are:

UDP 500, UDP 4500, and ESP protocol 50

Create an access list on your inside interface allowing these ports outbound.

e.g.

access-list inside permit udp any any eq 500

access-list inside permit udp any any eq 4500

access-list inside permit esp any any

access-group inside in interface inside

HTH

Jorge

Community Member

Re: VPN Client from inside

Yes, I am using the CISCO client. For testing there are no restrictions for outgoing traffic. In the logfile of the client I see that no NAT device is recognized. Perhaps this is the reason that transport tunneling is inactive? My problem is that the VPN connection breaks down after an irregular time. I know this problem when the VPN gateway is not configured with NAT traversal, but it is.

Any ideas?

Community Member

Re: VPN Client from inside

If you are using version 7, use "inspect ipsec-pass-thru" in the default policy.

Otherwise use fixup.
