I hope this answers your question about ESP rules working through your f/w.

ESP uses protocol 50, but you have to set IP filters for TCP and UDP as well. You did not say what type of VPN box you are using, so you will need to verify. Also, if you have a NetRanger or similar device, you might be getting "shunned" by it. If you do a tcpdump on the internal and external burb and you see terminal resets, check your NetRanger sensors and change the alarm thresholds.

Chris Gordon

"Joel Satterley" wrote in message news:[EMAIL PROTECTED]...
> Hi, does anyone know what rule should allow ESP back thru a FW-1 firewall
> from a VPN concentrator? I have it coming INBOUND ok, but the replies get
> dropped on the FW internal rule. Very odd.
>
> ??

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=29904&t=29759
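The check suggested in the reply (run tcpdump on both burbs, confirm ESP flows both ways, look for resets) can be scripted against the capture. This is an added example, not code from the thread; the capture lines, the concentrator address 198.51.100.5 and the inside hosts are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample tcpdump lines (not from the original post). The VPN
# concentrator is assumed to sit at 198.51.100.5; 203.0.113.10 is the firewall's outside address.
SAMPLE_CAPTURE = """\
12:00:01.000000 IP 198.51.100.5 > 203.0.113.10: ESP(spi=0x0000a1b2,seq=0x1), length 116
12:00:01.000100 IP 203.0.113.10 > 198.51.100.5: ESP(spi=0x0000c3d4,seq=0x1), length 116
12:00:01.000200 IP 198.51.100.5.500 > 203.0.113.10.500: isakmp: phase 1 I ident
12:00:02.000000 IP 10.0.0.5.443 > 10.0.0.9.51234: Flags [R.], seq 0, ack 1, win 0, length 0
"""

LINE_RE = re.compile(r"^\S+ IP (\S+) > (\S+?): (.*)$")

def split_endpoint(token):
    parts = token.split(".")  # tcpdump appends '.port' to the address for TCP/UDP
    return (".".join(parts[:4]), int(parts[4])) if len(parts) == 5 else (token, None)

def classify(line):
    """Return (src_ip, dst_ip, kind); kind is esp, ike, tcp_rst or other."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, sport = split_endpoint(m.group(1))
    dst, dport = split_endpoint(m.group(2))
    payload = m.group(3)
    if payload.startswith("ESP("):            # IP protocol 50, no ports
        kind = "esp"
    elif payload.startswith("isakmp") or 500 in (sport, dport):   # IKE on UDP/500
        kind = "ike"
    elif payload.startswith("Flags [") and "R" in payload[7:payload.index("]")]:
        kind = "tcp_rst"                      # a reset, e.g. injected by an IDS shun
    else:
        kind = "other"
    return src, dst, kind

def summarize(capture, concentrator):
    """Count packets by kind/direction and list what the firewall admin should check."""
    counts = Counter()
    for parsed in filter(None, map(classify, capture.splitlines())):
        src, dst, kind = parsed
        counts[("esp_in" if src == concentrator else "esp_out") if kind == "esp" else kind] += 1
    findings = []
    if counts["esp_in"] and not counts["esp_out"]:
        findings.append("ESP arrives but never leaves: allow IP protocol 50 in both directions")
    if not counts["ike"]:
        findings.append("no IKE seen: check the UDP/500 filter")
    if counts["tcp_rst"]:
        findings.append("TCP resets seen: check IDS shunning and alarm thresholds")
    return dict(counts), findings
```

Run it once on the external-burb capture and once on the internal-burb capture; a one-way ESP count on only one side points at the rule on that interface.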