opening pix firewall port question for vpn access...

[126rjp]

I am new to cisco, so please be kind to my stupid question. I am trying to access my main office from behind a PIX 501. The main office has a PIX 515 and VPN is working fine for all Cisco vpn clients (version 3.51), except from behind the 501. Both PIX's are running 6.33, and I have nat-t enabled on the 515 at the main office. I have been able to establish a connection with the vpn to the main office, but not able to access any resources, can't map drives or use terminal services, etc...

I have looked through alot of these postings and have come up with, I need to open ports for udp 500 and upd 4500 on the 501 PIX. My question is how do I do this, and on what interface, outside interface for in? inside interface out? I am clueless... any guidance would be a great help.

 

[themut]

You need to open UDP 500 and IP protocol 50 (ESP). You may also need to enable NAT-T on the 515 or configure a static translation for the VPN client on the 501.

 

[126rjp]

Thanks for the reply themut, but I am pretty clueless here, how would I open the ports? would I do it through access lists? sorry, but this is my first experience with cisco...

 

[themut]

access-list <any-name> permit udp <source-ip> <mask> <destination-ip> <mask> eq 500
access-list <any-name> permit 50 <source-ip> <mask> <destination-ip> <mask>

Use the link below as a guideline

 

[themut]

Ooops... forgot the link:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009486e.shtml