VPN & L2TP

[Breyer]

I'm trying to set up our PIX firewall to allow MS VPN clients on the inside network connect to a VPN server (Instagate EX2 I believe) running L2TP out on the internet. Currently I am getting Error 619: The specified port is not connected. Does anyone know of any specific ports I need to open to make this work?

Currently trying:
access-list l2tp permit udp host [VPN Server] host [outside IP of client w/ static mapping] eq 1701

I think this is part of the solution, what am I missing?

 

[Breyer]

Woops, it's actually:

access-list acl-out permit udp host [VPN Server] host [outside IP of client w/ static mapping] eq 1701

 

[Breyer]

Nevermind, I got it.

FYI:

For PPTP:
access-list acl_out permit gre host [VPN server] host [VPN client]

If you are using L2TP, then the following line is needed IN ADDITION to the above (this is what had me before):
access-list acl_out permit udp host [VPN server] host [VPN client] eq 1701

 

[erans]

Is it posible to use both of them ? Eran
erans@convergys.co.il