
Allow VPN out access for Nortel Aventail Extranet client


themikehyde

IS-IT--Management
Feb 20, 2003
61
US
Hello,
I am trying to get access from inside to a Nortel Aventail VPN server on the outside. Here is what I found on the Aventail site.

IPSEC ESP Protocol: IP Protocol 50
IKE Protocol: UDP Port 500

What do I need to add to the acl_out access-list?

Thanks,
Mike
 
access-list acl_out permit udp any host [vpnserver ip] eq 500
access-list acl_out permit 50 any host [vpnserver ip]

Also, if on 6.3, add the following command so your VPN clients deal with NAT better:
fixup protocol esp-ike

If you don't have 6.3 (and the above fixup command), you may have issues with multiple clients on the inside trying to go out simultaneously because NAT gets in the way.
 
tbissett,
Thanks, I just resolved this about 10 minutes ago. I had the access-list commands correct, but had forgotten all about the NAT issue. Once I issued a static for our internal client to the outside, everything is fine.

Thanks,
Mike
 