IPsec-VPN via a Cisco PIX 515E?

IT Certification FAQ

Forum Index -> comp.dcom.sys.cisco
Dairenn Lombard
Guest
Posted: Sat Jun 30, 2007 12:16 am    Post subject: IPsec-VPN via a Cisco PIX 515E?

In order to allow an IPsec VPN tunnel to communicate through iptables, you have to
add a rule that allows the "ah" protocol. Does anyone happen to know the syntax
for adding such a rule to a Cisco PIX 515E firewall?
Łukasz Bromirski
Guest
Posted: Sat Jun 30, 2007 12:35 am    Post subject: Re: IPsec-VPN via a Cisco PIX 515E?

Dairenn Lombard wrote:
Quote:
In order to allow an IPsec VPN tunnel to communicate through iptables, you
have to add a rule that allows the "ah" protocol. Does anyone happen to
know the syntax for adding such a rule to a Cisco PIX 515E firewall?

Refer to the command reference guide [1] for your specific PIX OS version
and read about the access-list statement. Extended ACLs have an
option to specify the protocol.

[1] http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/index.htm

--
"Confidence is what you have before you | Łukasz Bromirski
understand the problem." -- Woody Allen | lukasz:bromirski,net
Chad Mahoney
Guest
Posted: Sat Jun 30, 2007 12:47 am    Post subject: Re: IPsec-VPN via a Cisco PIX 515E?

Dairenn Lombard wrote:
Quote:
In order to allow an IPsec VPN tunnel to communicate through iptables, you
have to add a rule that allows the "ah" protocol. Does anyone happen to
know the syntax for adding such a rule to a Cisco PIX 515E firewall?


I think you can try:

sysopt permit ipsec


HTH

Chad
Scott Perry
Guest
Posted: Thu Jul 05, 2007 6:55 pm    Post subject: Re: IPsec-VPN via a Cisco PIX 515E?

access-list [name of A-L] permit ah [source] [destination]

This is the same idea of having an access-list entry begin with "access-list
xxx permit ip", "access-list xxx permit tcp", "access-list xxx permit udp",
or even "access-list xxx permit esp".

If you want to get detailed, you could permit inbound from UDP port 500 to
UDP port 500, depending on the protocol used. This varies based on VPN
client and connection type. The Cisco VPN client allows UDP or TCP and can
connect on port 500, 10000, or whatever is specified.

--

===========
Scott Perry
===========
Indianapolis, Indiana
________________________________________
"Dairenn Lombard" <dairenn@gmail.com> wrote in message
news:46855a72$0$14937$4c368faf@roadrunner.com...
Quote:
In order to allow an IPsec VPN tunnel to communicate through iptables, you
have to add a rule that allows the "ah" protocol. Does anyone happen to
know the syntax for adding such a rule to a Cisco PIX 515E firewall?
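A worked PIX configuration that pulls together Chad Mahoney's sysopt hint and Scott Perry's access-list form above. This is an added example, not configuration posted in the thread; it uses PIX 6.3 syntax, and the addresses (RFC 5737 documentation ranges), the interface names, the ACL name outside_in and the use of NAT-T are all assumptions. It also covers the distinction the thread does not spell out: whether the IPsec endpoint is behind the PIX (the original poster's "tunnel through the firewall" case, where the ACL entries matter) or the PIX itself terminates the tunnel (where they do not).

```cisco
! Added example, not from the thread. PIX 6.3 syntax. Assumed addresses:
! remote IPsec peer 203.0.113.10; internal VPN gateway 10.0.0.5 published on
! the outside as 198.51.100.5. ACL name outside_in is assumed.
!
! Case 1: the IPsec endpoint sits BEHIND the PIX (the OP's situation), so the
! AH/ESP/IKE packets are through-traffic and must be permitted by the outside
! interface ACL. AH authenticates the outer IP header, so the gateway needs a
! one-to-one static translation, never PAT. In PIX 6.x/7.x the ACL matches on
! the translated (global) address, hence 198.51.100.5 below.
static (inside,outside) 198.51.100.5 10.0.0.5 netmask 255.255.255.255
! IKE negotiation: UDP/500 ("isakmp" is the PIX port literal for 500).
access-list outside_in permit udp host 203.0.113.10 host 198.51.100.5 eq isakmp
! NAT-T keepalives and UDP-encapsulated ESP, if the peers negotiate it (assumed).
access-list outside_in permit udp host 203.0.113.10 host 198.51.100.5 eq 4500
! The IPsec protocols themselves: ESP is IP protocol 50, AH is 51. Permit AH
! only if the SA actually uses it; most tunnels are ESP-only.
access-list outside_in permit esp host 203.0.113.10 host 198.51.100.5
access-list outside_in permit ah host 203.0.113.10 host 198.51.100.5
access-group outside_in in interface outside
!
! Case 2: the PIX itself terminates the tunnel. Packets addressed to the PIX's
! own outside interface are not filtered by the interface ACL, so no AH/ESP
! entry is needed. Enable IKE on that interface and let the decrypted traffic
! bypass the interface ACL. Chad's "sysopt permit ipsec" is this command;
! later PIX 7.x and ASA releases spell it "sysopt connection permit-vpn".
isakmp enable outside
sysopt connection permit-ipsec
```

For case 1, `show access-list outside_in` shows a hit count per entry, so a tunnel that negotiates but never passes data while the esp/ah lines stay at zero points at NAT (PAT instead of the static) rather than at the ACL. For case 2, leaving `sysopt connection permit-ipsec` out means the decrypted inner packets are checked against the interface ACL and must be permitted there explicitly, which is the stricter but more laborious choice.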
Copyright © 2002-2006 Web-S-Sense Pty. Ltd. All rights reserved.

Powered by phpBB