
Cisco VPN client pass-thru

Status
Not open for further replies.

thelpme

Technical User
Apr 4, 2005
22
US
I have a PIX firewall running 6.3(4). I have an internal user (on the inside interface) that would like to connect to a VPN server on the outside using the Cisco VPN client (version unknown). What are the rules I need to add to the PIX to allow this?

Thanks in advance.
 
Actually, for a Cisco VPN all you would need is

sysopt connection permit-ipsec
 
brianms, "sysopt connection permit-ipsec" is used to bypass ACL checking on the ingress interface for terminating IPSEC tunnels to the PIX. thelpme is looking to allow VPN traffic through the PIX that is terminating on another server.

 
It's not the best doc in the world, but here is a Cisco document that shows VPN passing through a PIX. Ignore the stuff about conduits and just focus on the access-list lines. Looks like they included both when the doc was new.


Also, here's the link to the command reference for sysopt since we've been talking about that.


Matt
CCSP
 
Good catch Networkghost, should have been sleeping instead of typing ... lol
 