08-30-2007 07:57 AM - edited 03-11-2019 04:04 AM
Trying to set up ASA 5505 to allow IPSEC passthru for AT&T Global network Client VPN.
08-30-2007 08:16 AM
Create an ACL to allow the traffic to pass? Assuming you're using esp and ike.
access-list 111 permit esp
access-list 111 permit udp
access-group 111 in interface outside
That will let it pass through un-natted. If you need to nat then you'll need to create a static nat.
08-30-2007 08:41 AM
08-30-2007 12:49 PM
Did that part already...looks like a static nat is in order.
09-02-2007 08:56 AM
Oh yeah, I just remembered, if the clients are using NAT traversal, you'll need to permit the UDP port being used - most often UDP 10000 but could be whatever port NAT-T is set to.
08-30-2007 01:20 PM
These are the IPsec vpn ports that need to be allowed through.
udp 500
udp 4500
protocol 50 esp
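Added example, not part of the original thread: a small Python check that reads ASA `access-list` lines and reports which of the IPsec entries listed above (UDP 500, UDP 4500, ESP) are not explicitly permitted, and which permit lines open all of UDP or all of IP. The sample config, the address 192.0.2.10 and the function name `audit_acl` are constructed for illustration.

```python
import re

# What the thread says must pass: UDP 500 (IKE), UDP 4500 (NAT-T), ESP (IP protocol 50).
REQUIRED = {"esp", "udp/500", "udp/4500"}
PORT_NAMES = {"isakmp": "500"}  # the ASA displays UDP 500 as "isakmp"

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+(\S+)\s*(.*)$")

def audit_acl(config_text, acl_name):
    """Return (missing, broad): required IPsec entries that acl_name does not
    explicitly permit, and permit lines that open all of UDP or all of IP."""
    found, broad = set(), []
    for line in config_text.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m.group(1) != acl_name:
            continue
        proto, rest = m.group(2).lower(), m.group(3).lower()
        if proto in ("esp", "50"):
            found.add("esp")
        elif proto == "udp":
            # Simplification: only a trailing "eq <port>" counts as the destination port.
            port = re.search(r"\beq\s+(\S+)\s*$", rest)
            if port:
                found.add("udp/" + PORT_NAMES.get(port.group(1), port.group(1)))
            elif not re.search(r"\b(range|lt|gt|neq)\b", rest):
                broad.append(line.strip())  # no port qualifier: every UDP port is open
        elif proto == "ip":
            broad.append(line.strip())      # flagged, not counted: every protocol is open
    return sorted(REQUIRED - found), broad

# Constructed sample config (documentation address, not from the thread).
SAMPLE = """\
access-list 111 extended permit esp any host 192.0.2.10
access-list 111 extended permit udp any host 192.0.2.10 eq isakmp
access-list 111 extended permit udp any host 192.0.2.10
access-group 111 in interface outside
"""

if __name__ == "__main__":
    missing, broad = audit_acl(SAMPLE, "111")
    print("not explicitly permitted:", missing)
    print("overly broad permits:", broad)
```

Run against the two `access-list 111` lines as posted earlier in the thread, the check reports the bare `permit udp` line as overly broad, which is why the port-specific entries are worth writing out.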