Well, that was an interesting filter job. PIX Config needs the following

access-list OUTSIDEACL permit esp host VPNHOST host VPNCLIENT-PUBLIC
access-list OUTSIDEACL permit udp host VPNHOST host VPNCLIENT-PUBLIC eq isakmp
static (INSIDE,OUTSIDE) VPNCLIENT-PUBLIC VPNCLIENT-PRIVATE netmask 255.255.255.255 0 0
access-group OUTSIDEACL in interface OUTSIDE

where:

OUTSIDEACL = number/name of your ACL created to apply to the external interface
VPNHOST = Internet-visible address of the VPN authenticating device
VPNCLIENT-PUBLIC = Internet-visible address of your internal client attempting to connect to the VPNHOST
VPNCLIENT-PRIVATE = Internal NAT address of the internal client attempting to connect to the VPNHOST
INSIDE = name of the internal PIX interface
OUTSIDE = name of the external PIX interface

Let's see if that makes sense now.

Mike

----- Original Message -----
From: "Michael J. Doherty"
To:
Sent: Monday, January 21, 2002 14:25
Subject: Re: VPN and Cisco [7:32721]

> You need to add the following to your PIX configuration:
>
> access-list permit esp host host
> access-list permit udp host host eq isakmp
> static (,)
> netmask 255.255.255.255 0 0
> access-group in interface
>
> Hope that helps.
>
> Mike
>
> ----- Original Message -----
> From: "Tom Richs"
> To:
> Sent: Monday, January 21, 2002 13:44
> Subject: VPN and Cisco [7:32721]
>
> > I have a client behind the firewall that is trying to VPN using Cisco's
> > VPN client (5000 series) to VPN to a site on the Internet. Would I have
> > to open up anything on the firewall to allow it out? Currently
> > everything is allowed out but the connection can't be established.
> >
> > Thanks.
> >
> > Tom

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=32736&t=32721
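
An added example, not part of the original thread: a small Python check that a PIX configuration contains the four statements from the message above and that the IPsec permits are scoped to the two hosts. The function name, the sample addresses (documentation ranges plus an RFC 1918 inside address) and the lowercase interface names are assumptions made for illustration.

```python
import re

# Constructed sample: the thread's template filled in with documentation
# addresses (RFC 5737) and an RFC 1918 inside address. Not from the page.
SAMPLE_CONFIG = """\
access-list OUTSIDEACL permit esp host 198.51.100.10 host 203.0.113.25
access-list OUTSIDEACL permit udp host 198.51.100.10 host 203.0.113.25 eq isakmp
static (inside,outside) 203.0.113.25 10.1.1.25 netmask 255.255.255.255 0 0
access-group OUTSIDEACL in interface outside
"""

def audit_vpn_passthrough(config, vpn_host, client_public, outside_if="outside"):
    """Return a list of findings; an empty list means all four statements
    are present and scoped to the two hosts."""
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    # 1. Find the ACL applied inbound on the outside interface.
    acl = None
    for line in lines:
        m = re.fullmatch(r"access-group (\S+) in interface (\S+)", line)
        if m and m.group(2).lower() == outside_if.lower():
            acl = m.group(1)
    if acl is None:
        return [f"no ACL applied inbound on interface {outside_if}"]
    findings = []
    # 2. The client needs a one-to-one (host mask) static translation.
    static_re = re.compile(r"static \([^,\s]+,[^)\s]+\) " + re.escape(client_public)
                           + r" \S+ netmask 255\.255\.255\.255\b")
    if not any(static_re.match(l) for l in lines):
        findings.append(f"no host static for {client_public}")
    # 3. ESP (IP protocol 50) and ISAKMP (UDP 500) from the VPN host only.
    pair = f"host {vpn_host} host {client_public}"
    if f"access-list {acl} permit esp {pair}" not in lines:
        findings.append("missing ESP permit")
    if not any(f"access-list {acl} permit udp {pair} eq {p}" in lines
               for p in ("isakmp", "500")):
        findings.append("missing ISAKMP permit")
    # 4. Flag IPsec permits in this ACL that are wider than host-to-host.
    for line in lines:
        if (line.startswith(f"access-list {acl} permit ") and " any" in line
                and re.search(r" esp | eq (isakmp|500)$", line)):
            findings.append(f"broad rule: {line}")
    return findings

if __name__ == "__main__":
    print(audit_vpn_passthrough(SAMPLE_CONFIG, "198.51.100.10", "203.0.113.25"))
```
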