Hiya - For IPSec traffic, you need to permit UDP 500 and IP protocols 50 and 51 (depending on whether you're doing AH and/or ESP). It wasn't clear from your message, but it may not be okay to just allow a VPN into your network from the outside, cons...
I would suggest upgrading the IOS - it doesn't say in your message where in the network fragmentation is taking place... changing the MTU on both ends of one serial link may not change matters if the fragmentation is taking place elsewhere... -Rakesh
You seem to be filtering on source ports in your ACL - this isn't a good idea since most protocols use random high ports as the source port. A better strategy would be to filter on the destination port which is (usually!) more predictable. Two additi...
As has been mentioned before, BGP would only be needed if you've gotten your three lines from different providers, and want the Internet to know that it can reach your entire address space from any one of the three providers. The PIX can easily deal ...
Here's my generic ingress ACL template. Note that I permit into the protected network only the bare ICMP functionality (IMO of course :-) ) Turning off ICMP altogether may be overly restrictive - ICMP after all provides useful things, but this wi...