PIX 506e - enable outbound Linksys VPN over port 443

kburrill

We are using a PIX 506e, v6.3(3). We have outside employees connecting to our network via a Cisco VPN client fine. However, we have a new requirement -- allow 3 employees inside our network to use Linksys QuickVPN to establish a VPN connection with another company. The PIX seems to be blocking this. The tech guy at the other company says I just need to open up port 443, which I've tried (with no success in allowing the VPN connection). I keep getting the "remote gateway is not responding" error; the Linksys site suggests checking to make sure we are not using the same subnet as the other company (we aren't using the same subnet).


I've tried the following via the command line interface, all of which I have removed after attempting to connect to the other company w/o success. (xxx.xxx.xxx.xxx = our outside static IP, yyy.yyy.yyy.yyy = one inside private IP of ours, zzz = outside static IP for the other company):


1.
access-list xxx permit tcp any host xxx.xxx.xxx.xxx eq 443
access-list xxx permit udp any host xxx.xxx.xxx.xxx eq 443
access-group xxx in interface outside
static (inside,outside) xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy netmask 255.255.255.255 0 0

2. tried adding the following 2 lines to the first group of commands:
access-list xxx permit gre any host zzz.zzz.zzz.zzz
access-list xxx permit gre any host yyy.yyy.yyy.yyy

3.
static (inside,outside) xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
access-list xxx permit tcp any host yyy.yyy.yyy.yyy eq 443
access-group xxx in interface outside

Any help would be appreciated. I'm learning as I go!
 
The port is typically udp 500. 443 is for https.

~ K.I.S.S - Don't make it any more complex than it has to be ~
 
Thanks!

I now have it working; I created translation rules for the local computers needing the VPN, and I created access rules opening up ports 443 and 500 between these computers & the outside host.
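
An added example, not part of the thread or any poster's configuration: a small Python check for the exposure the first attempt above creates, where an ACL bound inbound on the outside interface permits `any` source to an address that has a static translation to an inside host. The addresses, the ACL name and the scoped variant are constructed assumptions, and the parser covers only the statement forms that appear in this thread.

```python
import re

# Constructed sample configs (documentation addresses, not values from the thread).
# BROAD mirrors the shape of attempt 1; SCOPED is an assumed narrowed variant.
BROAD = """\
access-list out_in permit tcp any host 203.0.113.10 eq 443
access-list out_in permit udp any host 203.0.113.10 eq 443
access-group out_in in interface outside
static (inside,outside) 203.0.113.10 192.168.1.25 netmask 255.255.255.255 0 0
"""
SCOPED = """\
access-list out_in permit tcp host 198.51.100.20 host 203.0.113.10 eq 443
access-list out_in permit udp host 198.51.100.20 host 203.0.113.10 eq 500
access-group out_in in interface outside
static (inside,outside) 203.0.113.10 192.168.1.25 netmask 255.255.255.255 0 0
"""

ACL_RE = re.compile(r"access-list\s+(\S+)\s+permit\s+(\S+)\s+(any|host\s+\S+)"
                    r"\s+host\s+(\S+)(?:\s+eq\s+(\S+))?")
GROUP_RE = re.compile(r"access-group\s+(\S+)\s+in\s+interface\s+outside")
STATIC_RE = re.compile(r"static\s+\(inside,outside\)\s+(\S+)\s+(\S+)")

def find_exposed(config):
    """Return (inside_ip, protocol, port) for every permit rule that lets ANY
    outside source reach a statically translated inside host."""
    acls, bound, statics = {}, set(), {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            name, proto, src, dst, port = m.groups()
            acls.setdefault(name, []).append((proto, src, dst, port))
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))            # ACL applied inbound on outside
        elif m := STATIC_RE.match(line):
            statics[m.group(1)] = m.group(2)  # global address -> inside address
    findings = []
    for name in sorted(bound):
        for proto, src, dst, port in acls.get(name, []):
            if src == "any" and dst in statics:
                findings.append((statics[dst], proto, port))
    return findings

if __name__ == "__main__":
    for label, cfg in (("broad", BROAD), ("scoped", SCOPED)):
        print(label, find_exposed(cfg))
```

The broad rule set leaves ports on the inside host reachable from any Internet source, which an outbound client VPN does not require; the scoped set returns no findings because each rule names the single remote peer.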
 