09-10-2003 08:19 AM - edited 03-09-2019 04:43 AM
I am trying to run a Nortel VPN client from behind my Pix 515. I have been told that I have to open udp and tcp ports 500 and 10000 to get this working. Can someone help me with how to do this?
Thanks.
Louanne
09-10-2003 08:30 AM
Hello Louanne,
If you need to open ports for TCP and UDP then you'll need to create an ACL on the inside interface of the PIX, i.e.
> access-list inside permit tcp host
> access-list inside permit udp host
> access-list inside permit ip any any
> access-group inside in interface inside
Make sure to save with cmd 'wr m' and do cmd 'clear xlate'
Hope this helps - Jay
09-10-2003 08:36 AM
Jay,
I apologize for being such a newbie here but...
My access lists have names/numbers. Do I create a new group with a name or is "inside" above the name? Also, above you specify
09-10-2003 08:51 AM
Hi -
The "inside" is the name. Also, you are saying that you have a mixture of names and numbers - correct? You can use numbers if you like, but I find it better with names. How many inside clients have you got? If all your clients are on the same subnet, say, 192.168.10.10, then you could write the ACL as -
access-list
access-list
access-list
access-group
Also, here's a good document on ACLs - one thing to remember is that on routers you use 'wildcard masks', i.e. on a router ACL 255.255.255.0 will be 0.0.0.255, and on the PIX it will not, i.e. 255.255.255.0 - all explained in this document:
http://www.cisco.com/warp/public/707/confaccesslists.html
Now save with cmd 'wr m' and do cmd 'clear xlate'
Hope this helps - Jay
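One way to write out the ACL the thread describes, added here as an example and not Jay's own lines (the ACL name "inside", the client address 192.168.10.10, the 192.168.10.0/24 subnet and ports 500/10000 TCP and UDP come from the thread; the name "vpn_out" and the PIX 6.x syntax are my assumptions):

```cisco
! Permissive form, as suggested above. The closing "permit ip any any"
! makes the port-specific lines redundant: the ACL lets everything out of
! the inside interface, which is the same as having no inside ACL at all.
access-list inside permit udp host 192.168.10.10 any eq 500
access-list inside permit tcp host 192.168.10.10 any eq 500
access-list inside permit udp host 192.168.10.10 any eq 10000
access-list inside permit tcp host 192.168.10.10 any eq 10000
access-list inside permit ip any any
access-group inside in interface inside

! Tighter form (assumed name vpn_out): only the VPN client ports from the
! LAN are permitted; everything else from inside is dropped by the implicit
! deny at the end of the list. The PIX takes a normal subnet mask
! (255.255.255.0), not the router wildcard 0.0.0.255.
! Any other outbound service the LAN needs (DNS, web, mail, ...) must be
! added explicitly before this ACL is applied, or it will stop working.
access-list vpn_out permit udp 192.168.10.0 255.255.255.0 any eq 500
access-list vpn_out permit tcp 192.168.10.0 255.255.255.0 any eq 500
access-list vpn_out permit udp 192.168.10.0 255.255.255.0 any eq 10000
access-list vpn_out permit tcp 192.168.10.0 255.255.255.0 any eq 10000
access-group vpn_out in interface inside
```

Only one access-group can be bound inbound on the inside interface, so applying vpn_out replaces the binding of inside; save with 'wr m' and run 'clear xlate' afterwards as the thread notes.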