Hi
You can open with conduits/access list for protocols 50 and 51 (ESP and AH)
to let pass the ipsec connection, plus UDP for port 500 ( I think) for the
ISAKMP
connection if you are using IKE or similar.
BUT I would recomend you don�t let pass a ipsec tunnel through your firewall,
as it can not inspect it. The "correct" way would be to end the tunnel in the
pix,
and the process the traffic to let it pass or not.
Regards
"Winchester, Derek S." escribi�:
> Hey Guys,
>
> I have a site that needs to connect to another site over the Internet. The
> other site is using VPN/IPSEC. I have no experience with VPN/IPSEC, but I
> have to clear a path so that my firewall(PIX) will not continue to block the
> connection. Any insight to this issue will be greatly appreciated.
>
> Derek S. Winchester
> Sr. Wan Engineer
> Data Communications Department
> [EMAIL PROTECTED]
> Phone: 410-953-4887
> Cell: 443-562-3456
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---
--
---
Javier Contreras Albesa
Standard Trainer
PRO IN Training S.L.
PROfessional Information Networks
World Trade Center, Moll de Barcelona S/N
Edif Sur, Planta 4
Phone: (+34) 93-5088850 E-mail: [EMAIL PROTECTED]
Fax: (+34) 93-5088860 Internet: http:// www.proin.com
SHAPING THE FUTURE - BE PART OF IT!
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
