Cisco VPN client through a PIX Firewall

CSCO10576352
Level 1

Hi, has anyone ever configured a PIX to sit between a local LAN switch and an internet broadband router to basically block all traffic except for outgoing VPN connections using the Cisco VPN client to a Cisco VPN concentrator from PCs located on the local LAN?

If anyone has got this kind of setup working then it would be useful to get an overview of how. I have searched the net but can't seem to find anything specific to what I'm trying to achieve.

The info I'm interested in is what specific protocols/ports need to be allowed through, any features that need to be enabled on the PIX, etc.

Thanks in advance.

2 Replies

acomiskey
Level 10

The IPsec VPN ports which would need to be allowed through would be:

udp 500
udp 4500
protocol 50 (ESP)

You could simply create an access-list on your inside interface allowing only these ports outbound.

access-list inside permit udp any any eq 500
access-list inside permit udp any any eq 4500
access-list inside permit esp any any
access-group inside in interface inside

Or, more specifically:

access-list inside permit udp any host <concentrator-ip> eq 500
access-list inside permit udp any host <concentrator-ip> eq 4500
access-list inside permit esp any host <concentrator-ip>
access-group inside in interface inside
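To see what the allow-list above actually does before committing it to a firewall, here is an added example (not part of the thread, and not Cisco code): a small Python evaluator for PIX-style access-list lines. It parses entries of the form `access-list NAME permit|deny PROTO SRC DST [eq PORT]`, applies them to constructed flows with first-match semantics and the implicit deny at the end of the list, and reports which traffic from the LAN is let out. The concentrator address `203.0.113.10`, the LAN `192.168.1.0/24` and the sample flows are all constructed assumptions.

```python
"""Added example, not from the thread: a small evaluator for PIX-style
access-list lines like the ones in the reply above. It parses
'access-list NAME permit|deny PROTO SRC DST [eq PORT]' entries and checks
constructed flows against them with first-match semantics and the implicit
deny at the end of the list, so you can see which traffic the allow-list
lets out of the LAN and that everything else is dropped."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# IP protocol numbers for the keywords used in the reply; 'ip' means any protocol.
PROTO_NAMES = {"udp": 17, "tcp": 6, "esp": 50, "ip": None}


@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: Optional[int]             # None = any protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # None = any destination port


def _parse_addr(tokens, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D MASK' (PIX uses a normal mask,
    not a wildcard). Returns (network, index of the next unread token)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.IPv4Network(f"{tok}/{tokens[i + 1]}"), i + 2


def parse_acl(text):
    """Return the ACEs in configuration order; lines that are not
    access-list entries (blank lines, access-group) are ignored."""
    aces = []
    for line in text.splitlines():
        t = line.split()
        if not t or t[0] != "access-list":
            continue
        action, proto = t[2], PROTO_NAMES[t[3]]
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        aces.append(Ace(action, proto, src, dst, dport))
    return aces


def evaluate(aces, proto, src, dst, dport=None):
    """The first matching entry decides; no match means the implicit deny."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for ace in aces:
        if ace.proto is not None and ace.proto != proto:
            continue
        if s not in ace.src or d not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        return ace.action
    return "deny"


# Constructed inputs (assumptions, not from the thread): the concentrator's
# public address is taken from the documentation range, the LAN is
# 192.168.1.0/24, and the ACL is the "more specific" variant from the reply.
CONCENTRATOR = "203.0.113.10"
ACL_TEXT = f"""
access-list inside permit udp any host {CONCENTRATOR} eq 500
access-list inside permit udp any host {CONCENTRATOR} eq 4500
access-list inside permit esp any host {CONCENTRATOR}
"""
ACES = parse_acl(ACL_TEXT)

# Each row: (description, protocol number, src, dst, dst port, expected verdict)
FLOWS = [
    ("IKE to concentrator",        17, "192.168.1.20", CONCENTRATOR,    500,  "permit"),
    ("NAT-T to concentrator",      17, "192.168.1.20", CONCENTRATOR,    4500, "permit"),
    ("ESP to concentrator",        50, "192.168.1.20", CONCENTRATOR,    None, "permit"),
    ("IKE to some other host",     17, "192.168.1.20", "198.51.100.7",  500,  "deny"),
    ("Web browsing",               6,  "192.168.1.20", "198.51.100.7",  80,   "deny"),
    ("DNS to an outside resolver", 17, "192.168.1.20", "198.51.100.53", 53,   "deny"),
]


def check_flows(aces=ACES, flows=FLOWS):
    """Evaluate every constructed flow; return True when all verdicts match."""
    ok = True
    for desc, proto, src, dst, dport, expected in flows:
        verdict = evaluate(aces, proto, src, dst, dport)
        print(f"{desc:28s} -> {verdict}")
        ok = ok and verdict == expected
    return ok


if __name__ == "__main__":
    print("all verdicts as expected:", check_flows())
```

Two things the run makes visible. First, the same implicit deny that blocks web browsing also blocks DNS from the LAN, so the VPN client profile has to reference the concentrator by IP address (or a DNS permit has to be added) for the tunnel to come up. Second, the evaluator only models the inbound ACL on the inside interface; it does not model the PIX connection table, which is what lets the reply packets for these permitted flows back in.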

Thanks for the prompt reply, I'll try that out.
