
IPSec breaks over NAT after 675 filters enabled

tod
Level 1

I updated my CBOS to 2.4.6 and decided to enable the filters to lock down the unit. Now the IPSec clients (Nortel Contivity) can't connect. I have enabled UDP port 500, and it is working up until the client starts to send ESP packets over IP protocol 50. The server response never appears on my analyzer.

I am assuming the default "Deny All" is doing just that but can't find a way to ALLOW IP protocol 50. Any ideas out there?

Thanks

trish

2 Replies

kmarrero
Level 4

You may have just misconfigured the filters on your 675. Look over the following URL as it gives a pretty good example of how to set up the filtering.

http://www.cisco.com/univercd/cc/td/doc/product/dsl_prod/c600s/cbos/cbos230/03chap01.htm

Went over that pretty thoroughly. I finally got it to work by doing an ALLOW ALL incoming and outgoing at the bottom of my list, but I would prefer the explicit allow. It will work, as the inside FW will do most of the protection, but it would be nice if CBOS recognized protocols other than just TCP/UDP/ICMP.
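An added illustration of the point both posts turn on (it is not code from this thread, from CBOS, or from Cisco): a toy first-match packet filter in Python that, like a TCP/UDP/ICMP-only filter, can match IKE on UDP 500 but can never match ESP by port, because ESP (IP protocol 50) carries an SPI and sequence number where a port-aware filter expects a transport header. The IPv4 headers, rule format and `build_ipv4`/`evaluate` helpers are constructed for this example; with only a port rule and a trailing deny, ESP falls through to the deny, and an explicit protocol-50 allow is what fixes it without a blanket allow-all.

```python
import struct
from dataclasses import dataclass
from typing import Optional

IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ESP = 1, 6, 17, 50

def build_ipv4(proto: int, payload: bytes, src="10.0.0.2", dst="10.0.0.1") -> bytes:
    """Constructed minimal IPv4 header (no options) + payload; checksum left 0, not verified here."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + payload

def parse(pkt: bytes) -> dict:
    """Extract the IP protocol number and, for TCP/UDP only, the destination port."""
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    proto = pkt[9]                      # protocol field of the IPv4 header
    info = {"proto": proto, "dport": None}
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        # both TCP and UDP begin with 16-bit source port, 16-bit destination port
        info["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])[1]
    return info                          # ESP has no ports: dport stays None

@dataclass
class Rule:
    action: str              # "allow" or "deny"
    proto: Optional[int]     # None matches any protocol
    dport: Optional[int]     # None matches any port (the only choice for non-TCP/UDP)

def matches(rule: Rule, info: dict) -> bool:
    if rule.proto is not None and rule.proto != info["proto"]:
        return False
    if rule.dport is not None and rule.dport != info["dport"]:
        return False
    return True

def evaluate(rules, pkt: bytes) -> str:
    """First matching rule wins; nothing matching is an implicit deny-all."""
    info = parse(pkt)
    for r in rules:
        if matches(r, info):
            return r.action
    return "deny"

# Constructed sample packets: an IKE datagram (UDP/500) and an ESP packet (SPI + sequence number).
IKE = build_ipv4(IPPROTO_UDP, struct.pack("!HHHH", 500, 500, 8, 0))
ESP = build_ipv4(IPPROTO_ESP, struct.pack("!II", 0x1234ABCD, 1))

PORT_ONLY = [Rule("allow", IPPROTO_UDP, 500), Rule("deny", None, None)]            # IKE ok, ESP dropped
WITH_ESP = [Rule("allow", IPPROTO_UDP, 500), Rule("allow", IPPROTO_ESP, None),
            Rule("deny", None, None)]                                               # explicit protocol-50 allow
```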