! ISAKMP = UDP Port 500 in both directions
access-list 101 permit udp any eq isakmp host <Pix Firewall> eq isakmp
! ESP = Encapsulating Security Payload
access-list 101 permit esp any host <Pix Firewall>
! AH Authentication Header
access-list 101 permit ahp any host <Pix Firewall>

This should allow things to start flowing if you are doing IPSec with a transform set of 3DES HMAC SHA-1 on inbound access lists.

Ken Claussen MCSE CCNA CCA
"In Theory it should work as you describe, but the difference between theory and reality is the truth! For this we all strive"

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of McFerron, Ken
Sent: Friday, December 21, 2001 10:20 AM
To: '[EMAIL PROTECTED]'
Subject: PIX VPN Client Question

I have set up a PIX with VPN access. It has version 6.0(1) of the IOS and I am using version 3.0.2 of the VPN Client. I have a router in front of the PIX with some access lists on it. I need to know what ports need open on the router to establish a VPN connection with the PIX. I have the PIX set up correctly because if I open all the ports up I am able to connect, but I would like to only open the ports I need.

Thanks

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
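
The three access-list entries from the reply above, modelled as an added example that is not part of the original thread: a small first-match evaluator that shows which packets the router would pass toward the PIX and which fall through to the implicit deny. The addresses in `PIX` and `CLIENT` are constructed documentation addresses standing in for `<Pix Firewall>` and a VPN client, and the parser covers only the `any` / `host` / `eq` forms used in the reply.

```python
# Added example: evaluate packets against the three ACL entries from the reply.
from collections import namedtuple

PROTO = {"udp": 17, "tcp": 6, "esp": 50, "ahp": 51}  # IANA IP protocol numbers
PORT = {"isakmp": 500}                                 # named port used in the ACL
PIX = "192.0.2.10"  # assumption: documentation address standing in for <Pix Firewall>

ACL = f"""
access-list 101 permit udp any eq isakmp host {PIX} eq isakmp
access-list 101 permit esp any host {PIX}
access-list 101 permit ahp any host {PIX}
"""

# src/dst of None means "any"; sport/dport of None means "no port test"
Rule = namedtuple("Rule", "action proto src sport dst dport")

def _endpoint(tok):
    """Consume 'any' or 'host A', then an optional 'eq P', from the token list."""
    addr = None if tok.pop(0) == "any" else tok.pop(0)
    port = None
    if tok and tok[0] == "eq":
        name = tok[1]
        del tok[:2]
        port = PORT[name] if name in PORT else int(name)
    return addr, port

def parse(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]                 # drop "access-list 101"
        action, proto = tok.pop(0), PROTO[tok.pop(0)]
        src, sport = _endpoint(tok)
        dst, dport = _endpoint(tok)
        rules.append(Rule(action, proto, src, sport, dst, dport))
    return rules

def check(rules, proto, src, dst, sport=None, dport=None):
    """First matching entry wins; an extended ACL ends with an implicit deny."""
    for r in rules:
        if (r.proto == PROTO[proto] and r.src in (None, src) and r.dst in (None, dst)
                and r.sport in (None, sport) and r.dport in (None, dport)):
            return r.action
    return "deny"

RULES = parse(ACL)
CLIENT = "198.51.100.7"  # constructed VPN client address
```

Because the first entry tests the source port as well as the destination port, `check(RULES, "udp", CLIENT, PIX, 40000, 500)` returns `"deny"`: an ISAKMP packet whose source port is no longer 500 when it reaches the router does not match that entry.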