cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

12449
Views
0
Helpful
5
Replies
lifecareit
Beginner

IPSEC passthrough on ASA5505

Trying to set up ASA 5505 to allow IPSEC passthru for AT&T Global network Client VPN.

5 REPLIES 5
jeremyault
Beginner

Create an ACL to allow the traffic to pass? Assuming you're using esp and ike.

access-list 111 permit esp

access-list 111 permit udp eq isakmp

access-group 111 in interface outside

That will let it pass through un-natted. If you need to nat then you'll need to create a static nat.

Did that part already...looks like a static nat is in order.

Oh yeah, I just remembered, if the clients are using NAT traversal, you'll need to permit the UDP port being used - most often UDP 10000 but could be whatever port NAT-T is set to.

JORGE RODRIGUEZ
Advocate

These are the IPsec vpn ports that need to be allowed through.

udp 500

udp 4500

protocol 50 esp

Jorge Rodriguez
Create
Recognize Your Peers
Content for Community-Ad