I need to allow UDP port 500 in both directions in my firewall as well as protocols 50 and 51. Below is my current configuration. What do I need to add or change? Port 500 is changed to isakmp when I add it to the access list.
interface FastEthernet0/0
ip address 66.xxx.xxx.xxx 255.255.255.0
ip access-group 101 in
ip nat out
speed 10
half-duplex
no cdp enable
!
interface FastEthernet0/1
description connected to EthernetLAN
ip address 192.168.1.254 255.255.255.0
ip nat inside
speed auto
full-duplex
no cdp enable
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static 192.168.1.1 66.xxx.xxx.xxx
ip nat inside source static 192.168.1.4 66.xxx.xxx.xxx
ip nat inside source static 192.168.1.3 66.xxx.xxx.xxx
ip nat inside source static 192.168.1.2 66.xxx.xxx.xxx
ip classless
ip route 0.0.0.0 0.0.0.
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 permit tcp any eq www any
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any eq ftp any
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any eq smtp
access-list 101 permit tcp any any eq 50
access-list 101 permit tcp any eq 50 any
access-list 101 permit tcp any any eq 51
access-list 101 permit tcp any eq 51 any
access-list 101 permit tcp any any eq 2010
access-list 101 permit tcp any eq 2010 any
access-list 101 permit udp any any eq 50
access-list 101 permit udp any eq 50 any
access-list 101 permit udp any any eq 51
access-list 101 permit udp any eq 51 any
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any eq isakmp any
access-list 101 permit tcp any any eq ftp-data
access-list 101 permit tcp any eq ftp-data any
access-list 101 permit tcp any any eq 5190
access-list 101 permit tcp any eq 5190 any
access-list 101 permit tcp any any eq 1863
access-list 101 permit tcp any eq 1863 any
access-list 101 permit tcp any any eq 4190
access-list 101 permit tcp any eq 4190 any
access-list 101 permit tcp any any eq 7000
access-list 101 permit tcp any eq 7000 any
access-list 101 permit tcp any any eq 143
access-list 101 permit tcp any eq 143 any
access-list 101 permit tcp any any eq 5050
access-list 101 permit tcp any eq 5050 any
access-list 101 permit tcp any any eq 4661
access-list 101 permit tcp any eq 4661 any
access-list 101 permit esp any any
access-list 101 permit ahp any any
access-list 101 permit tcp any any eq 32656
access-list 101 permit tcp any eq 32656 any
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any eq 3389 any
access-list 101 permit tcp any any eq 3265
access-list 101 permit udp any any eq 3389
access-list 101 permit udp any eq 3389 any
access-list 101 permit udp any eq isakmp any eq isakmp
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any eq 443 any
Thank You for your help
