Hi!!!

That's not a good approach for the problem; for doing IPSEC encapsulated in UDP you would need to terminate the tunnel in a VPN concentrator (VPN-3000).

Now, for using an IPSEC client behind a PIX, in the upper PIX you would have to make a static mapping and open the following ports:

UDP/500 --> ISAKMP
ESP or AH for the type of encapsulation; in the case of VPN Client 3.1 it would only work with ESP

Now, from my point of view, and because I don't know what you want to do, I think the two peers should be PIX1 and PIX2 because of the NAT problems.

Regards
Bruno Fernandes

-----Original Message-----
From: Andre Dieball [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 9 April 2002 14:52
To: [EMAIL PROTECTED]
Subject: (no subject)

Hi

I have a PIX with 6.1(1) installed and am using VPN Client 3.5.1

Setup:

  --------
  |Client|
  --------
     |
     |
  -------
  |PIX  |
  -------
     |
     |
 ~~~~~~~~~~~
  INTERNET
 ~~~~~~~~~~~
     |
     |
  -------
  |PIX  |
  -------

The upper PIX (where the client is behind) is doing NAT.

What do I have to configure on the lower (the Headquarter) Pix to allow IPSec over TCP (Port 10000)???

What ports must I have open on the upper Pix? I'd assume:

access-list 101 permit udp any eq isakmp host <Pix Firewall> eq isakmp
access-list 101 permit esp any host <Pix Firewall>
access-list 101 permit ahp any host <Pix Firewall>

Any help is appreciated, thank you very much in advance.

--
Mit freundlichen Gruessen
With Kind Regards
Andre

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
