hi guys, all the posts i've seen replying to this guy's problem don't included references to needing GRE (proto 47).
it is needed for VPN connectivity, who are we all just assuming everyone knows this? (even though there's no mention of it) stephen On Mon, 4 Aug 2003, David Gillett wrote: > ESP is protocol 50 and AH is 51. Neither opening 52 nor > leaving 50 closed is likely to help. > > David Gillett > > > -----Original Message----- > > From: Douglas Gullett [mailto:[EMAIL PROTECTED] > > Sent: August 2, 2003 08:49 > > To: Adam Overlin; [EMAIL PROTECTED] > > Subject: RE: Cisco Workaround > > > > > > Adam, > > > > If the "cheat" sheet you are referring to is the Cisco > > Security Alert, I am > > guessing that you put in their access-list. For IPSEC you > > need to have > > Protocol Port 51 (ESP) and Protocol Port 52 (AH) open, as > > well as UDP Port > > 500 (isakmp). > > > > Doug > > > > -----Original Message----- > > From: Adam Overlin [mailto:[EMAIL PROTECTED] > > Sent: Thursday, July 31, 2003 12:59 PM > > To: [EMAIL PROTECTED] > > Subject: RE: Cisco Workaround > > > > > > I just joined this list so I haven't seen the whole thread on > > this issue, > > thus my company's particular issue may have been discussed > > already, but I > > thought I would see if I could get some help anyway. > > > > Background: > > We have a Cisco 827 router and a PIX 506e locally. Router > > being in front of > > the PIX. We also have a co-location facility that we are > > connected via a > > constant VPN tunnel. There we have a PIX 515e. The two > > pixes are what > > control the VPN/encryption. > > > > Issue: > > The pixes don't run IOS so we didn't have to worry about > > upgrading those. > > However, the router does. So we upgraded the router to the > > latest version. > > Everything worked ok, except, the VPN tunnel. That got > > knocked out. Keep > > in mind that I am no Cisco expert. I did the upgrade with > > the help of a > > *cheat* sheet that Cisco sent us. All I did was copy the > > information. I > > didn't really understand what I was actually typing into the > > console (we > > have another network consultant that is responsible for the > > "understanding > > part, although he didn't know why it wasn't working either). :) > > > > So after a little messing around we reverted back to the old IOS and > > everything was peachy. A couple days later they sent us > > another version to > > upgrade with and that did the same thing. Needless to say, > > we are still > > upgradeless. > > > > If there are any suggestions out there, I would really > > appreciate it. If I > > didn't give enough info, please let me know, and I will get > > you whatever you > > need (within my power of course). > > > > Thanks in advance, > > Adam > > > > > > -------------------------------------------------------------- > > ------------- > > -------------------------------------------------------------- > > -------------- > > > > > > -------------------------------------------------------------- > > ------------- > > -------------------------------------------------------------- > > -------------- > > > > --------------------------------------------------------------------------- > ---------------------------------------------------------------------------- > --------------------------------------------------------------------------- ----------------------------------------------------------------------------
