W2k VPN server in DMZ - clients are getting no answer

kdagostino
Level 1

We configured a VPN server in a DMZ off a PIX 515. The server has one NIC, and we can ping outside clients and inside hosts, including the DC and DNS servers. However, the clients are still getting NO answer. My ACL is:

access-list 100 permit gre any host x.x.x.x
access-list 100 permit tcp any host x.x.x.x eq 1723
access-list 100 permit udp any host x.x.x.x eq 1723
access-list 100 permit udp any host x.x.x.x eq isakmp
access-list 100 permit udp any host x.x.x.x eq 1701

Do I need any other ports open? Protocols? Any suggestions would be appreciated... Thx

1 Reply

afakhan
Level 4

Hi,

If you have "sysopt connection permit-ipsec" command on your pix, that should take care of ESP traffic as well.

Make sure that you have the "nat (dmz) 0 access-list ACL###" command on your PIX as well, to bypass NAT for IPsec traffic (returning to the VPN clients).

Your server on the DMZ should point to the PIX as its default GW as well.

Thx

Afaq
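Pulling the thread together as an added configuration sketch (mine, not posted by either participant): the original ACL, the ESP permit the question's list lacks, and the sysopt and nat 0 exemption the reply describes. PIX 6.x syntax, the DMZ subnet 172.16.1.0/24, the server's DMZ address 172.16.1.10, the PIX DMZ interface 172.16.1.1 and the VPN client pool 192.168.100.0/24 are assumptions; x.x.x.x is the server's public address from the question.

```text
! Added example, not from the thread. Assumed: PIX 6.x syntax, DMZ net 172.16.1.0/24,
! W2k VPN server at 172.16.1.10 published as x.x.x.x, PIX dmz interface 172.16.1.1,
! RRAS handing VPN clients addresses from 192.168.100.0/24.

! Static mapping so outside clients reach the DMZ server at its public address
static (dmz,outside) x.x.x.x 172.16.1.10 netmask 255.255.255.255

! Original ACL from the question: PPTP control + GRE, IKE, L2TP
access-list 100 permit gre any host x.x.x.x
access-list 100 permit tcp any host x.x.x.x eq 1723
access-list 100 permit udp any host x.x.x.x eq 1723
access-list 100 permit udp any host x.x.x.x eq isakmp
access-list 100 permit udp any host x.x.x.x eq 1701
! Missing from the original list: ESP (IP protocol 50), which L2TP/IPsec clients
! send to the server. This pass-through ESP is admitted only by an explicit permit;
! "sysopt connection permit-ipsec" covers IPsec terminated on the PIX itself.
access-list 100 permit esp any host x.x.x.x
access-group 100 in interface outside

! As suggested in the reply
sysopt connection permit-ipsec

! Exempt DMZ-server <-> VPN-client-pool traffic from NAT so replies return untranslated
access-list nonat permit ip 172.16.1.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (dmz) 0 access-list nonat

! On the W2k server itself (not PIX config): default gateway = 172.16.1.1 (PIX dmz interface)
```

Reviewing the ACL with "show access-list 100" afterwards shows per-line hit counts, which tells you which protocol the clients' packets are actually matching (or not reaching).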