https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769254#M970333 <HTML><HEAD></HEAD><BODY><P>These are the IPsec vpn ports that need to be allowed through.</P><P></P><P>udp 500 </P><P>udp 4500 </P><P>protocol 50 esp </P><P></P></BODY></HTML> Thu, 30 Aug 2007 20:20:09 GMT JORGE RODRIGUEZ 2007-08-30T20:20:09Z https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769250#M970325 <P>Trying to set up ASA 5505 to allow IPSEC passthru for AT&amp;T Global network Client VPN.</P> Mon, 11 Mar 2019 11:04:25 GMT https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769250#M970325 lifecareit 2019-03-11T11:04:25Z https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769251#M970327 <HTML><HEAD></HEAD><BODY><P>Create an ACL to allow the traffic to pass? Assuming you're using esp and ike.</P><P></P><P>access-list 111 permit esp <SOURCE host="" or="" network=""> <DESTINATION host="" or="" network=""></DESTINATION></SOURCE></P><P>access-list 111 permit udp <SOURCE host="" or="" network=""> <DESTINATION host="" or="" network=""> eq isakmp</DESTINATION></SOURCE></P><P>access-group 111 in interface outside</P><P></P><P>That will let it pass through un-natted. If you need to nat then you'll need to create a static nat.</P></BODY></HTML> Thu, 30 Aug 2007 15:16:56 GMT https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769251#M970327 jeremyault 2007-08-30T15:16:56Z https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769252#M970329 <HTML><HEAD></HEAD><BODY><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1522169" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html#wp1522169</A></P></BODY></HTML> Thu, 30 Aug 2007 15:41:38 GMT https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769252#M970329 srue 2007-08-30T15:41:38Z https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769253#M970331 <HTML><HEAD></HEAD><BODY><P>Did that part already...looks like a static nat is in order.</P></BODY></HTML> Thu, 30 Aug 2007 19:49:34 GMT https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769253#M970331 lifecareit 2007-08-30T19:49:34Z https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769254#M970333 <HTML><HEAD></HEAD><BODY><P>These are the IPsec vpn ports that need to be allowed through.</P><P></P><P>udp 500 </P><P>udp 4500 </P><P>protocol 50 esp </P><P></P></BODY></HTML> Thu, 30 Aug 2007 20:20:09 GMT https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769254#M970333 JORGE RODRIGUEZ 2007-08-30T20:20:09Z https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769255#M970334 <HTML><HEAD></HEAD><BODY><P>Oh yeah, I just remembered, if the clients are using NAT traversal, you'll need to permit the UDP port being used - most often UDP 10000 but could be whatever port NAT-T is set to.</P></BODY></HTML> Sun, 02 Sep 2007 15:56:31 GMT https://community.cisco.com/t5/network-security/ipsec-passthrough-on-asa5505/m-p/769255#M970334 jeremyault 2007-09-02T15:56:31Z