We are using a PIX 506e, v6.3(3). We have outside employees connecting to our network via a Cisco VPN client fine. However, we have a new requirement -- allow 3 employees inside our network to use Linksys QuickVPN to establish a VPN connection with another company. The PIX seems to be blocking this. The tech guy at the other company says I just need to open up port 443, which I've tried (with no success in allowing the VPN connection). I keep getting the "remote gateway is not responding" error; the Linksys site suggests checking to make sure we are not using the same subnet as the other company (we aren't using the same subnet).
I've tried the following via the command line interface, all of which I have removed after attempting to connect to the other company w/o success. (xxx.xxx.xxx.xxx = our outside static IP, yyy.yyy.yyy.yyy = one inside private IP of ours, zzz = outside static IP for the other company):
1.
access-list xxx permit tcp any host xxx.xxx.xxx.xxx eq 443
access-list xxx permit udp any host xxx.xxx.xxx.xxx eq 443
access-group xxx in interface outside
static (inside,outside) xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy netmask 255.255.255.255 0 0
2. Tried adding the following 2 lines to the first group of commands:
access-list xxx permit gre any host zzz.zzz.zzz.zzz
access-list xxx permit gre any host yyy.yyy.yyy.yyy
3.
static (inside,outside) xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
access-list xxx permit tcp any host yyy.yyy.yyy.yyy eq 443
access-group xxx in interface outside
Any help would be appreciated. I'm learning as I go!