darkstar72
Technical User
I'm experiencing some difficulty having a Cisco VPN Client 3.5.1c connect to our office LAN via a Cisco 3640 router with a CBAC IOS firewall and IDS enabled. The VPN client can successfully establish a tunnel; however, I am unable to do anything else besides ping PCs on the LAN. I cannot log on to the domain, check email, establish a pcAnywhere session, map drives, etc.
Since CBAC firewalls only allow sessions to be initiated from the inside network, I can establish a remote pcAnywhere connection to the PC with the VPN client installed. If I disable CBAC on the router, I can initiate sessions from both sides flawlessly. I also have two gateway-to-gateway VPN tunnels configured, and they work fine with CBAC enabled. Is it possible to have a VPN client successfully initiate a session from the outside with CBAC enabled on the router? Are there any special ports and/or protocols that I need to open besides:
access-list 117 permit esp any any
access-list 117 permit udp any any eq isakmp
access-list 117 permit icmp any any unreachable
access-list 117 permit icmp any any echo-reply
access-list 117 permit icmp any any packet-too-big
access-list 117 permit icmp any any time-exceeded
access-list 117 permit icmp any any traceroute
access-list 117 permit icmp any any administratively-prohibited
access-list 117 permit icmp any any echo
access-list 117 deny ip 127.0.0.0 0.255.255.255 any
access-list 117 deny ip any any
Any help would be greatly appreciated.
Rick V
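The symptom in the post (ping works, everything else fails) matches the posted ACL exactly: on IOS releases before the IPsec ACL-bypass behaviour of 12.3(8)T, a packet that arrives as ESP, is decrypted, and is then evaluated against the inbound interface ACL a second time as cleartext. ACL 117 permits ICMP echo, so a decrypted ping from the client passes that second check; it permits no TCP or UDP other than ISAKMP, so SMB, pcAnywhere (TCP 5631/UDP 5632), mail and domain logon are dropped at the implicit deny. CBAC does not help here because it only opens return paths for sessions that started on the inside. The following is an added configuration example, not the poster's config and not from Cisco: it assumes the outside interface is Serial0/0 at 198.51.100.1, the LAN is 192.168.1.0/24, the client address pool is 192.168.200.0/24, the inspect rule is named FW and the crypto map is named VPNMAP.

```cisco
! Added example (assumed addresses, interface, inspect rule and crypto map names)
!
! Pool the VPN client is assigned from; this is the inner source address
! seen after decryption
ip local pool VPNPOOL 192.168.200.1 192.168.200.50
!
! IKE and ESP from the clients (and the site-to-site peers) to the outside address
access-list 117 permit udp any host 198.51.100.1 eq isakmp
access-list 117 permit esp any host 198.51.100.1
!
! Decrypted client traffic is checked against this inbound ACL a second time,
! and CBAC will not open a hole for a session that starts on the outside,
! so cleartext traffic from the pool to the LAN must be permitted explicitly
access-list 117 permit ip 192.168.200.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! ICMP entries as in the original list
access-list 117 permit icmp any any unreachable
access-list 117 permit icmp any any echo-reply
access-list 117 permit icmp any any packet-too-big
access-list 117 permit icmp any any time-exceeded
access-list 117 permit icmp any any traceroute
access-list 117 permit icmp any any administratively-prohibited
access-list 117 permit icmp any any echo
!
access-list 117 deny ip 127.0.0.0 0.255.255.255 any
! "log" on the final deny shows which decrypted packets are still being dropped
access-list 117 deny ip any any log
!
interface Serial0/0
 ip address 198.51.100.1 255.255.255.252
 ip access-group 117 in
 ip inspect FW out
 crypto map VPNMAP
```

While testing, watch the match counters with `show access-list 117` and the logged denies: if the hits land on the final deny line with a source in 192.168.200.0/24, the cleartext permit is missing or the pool range is wrong. The site-to-site tunnels keep working without an equivalent permit only because those sessions are started from the inside and CBAC's dynamic entries admit the decrypted return traffic. If NAT traversal is later enabled on the router and the client supports it, UDP 4500 to the outside address would need to be permitted as well; that is not required for the problem described here.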