don't mix things!

first: port 10000 sounds like udp-encapsulation. you need
udp/500, udp/10000 (or whatever you use).
on tcp-encapsulation you only need to allow tcp/80 (default or whatever you use).
on both types you don't need ah/esp.

but now to the basic things!
does udp/tcp-encapsulation work on pix? i don't think so!

surprise me and let me know if you get it to work!

regards
dirk

--
ISION Internet AG
Dirk Pfau
IP Network / iSecurity
Harburger Schlossstr. 1
D-21079 Hamburg
Fon: +49 40 77175-538
eMail: [EMAIL PROTECTED]
Web: http://www.ision.net

Andre Dieball wrote:
> Hi
>
> I have a PIX with 6.1(1) installed and am using VPN Client 3.5.1
>
> Setup:
>
> --------
> |Client|
> --------
>    |
>    |
> -------
> |PIX  |
> -------
>    |
>    |
> ~~~~~~~~~~~
>  INTERNET
> ~~~~~~~~~~~
>    |
>    |
> -------
> |PIX  |
> -------
>
> The upper PIX (where the client is behind) is doing NAT.
>
> What do I have to configure on the lower (the Headquarter) Pix to allow
> IPSec over TCP (Port 10000)???
> What Ports must I have open on the upper Pix, I'd assume:
> access-list 101 permit udp any eq isakmp host <Pix Firewall> eq isakmp
> access-list 101 permit esp any host <Pix Firewall>
> access-list 101 permit ahp any host <Pix Firewall>

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
