eggster34

Client VPN does not work when ACL is applied.

Hi
I have a Cisco 857 router that is set up as a VPN endpoint where my clients should connect with Cisco VPN Client 4.x.

When I set this access list on the outside interface, my VPN clients cannot even start initiating a VPN session. When I remove this access list, it works perfectly.

What am I missing here? What additional traffic should I allow on my access list for VPN connections to work OK?

Extended IP access list 110
    10 permit tcp any any eq telnet (94 matches)
    20 permit tcp any host 217.36.x.x eq 4125
    30 permit tcp any host 217.36.x.x eq 3389
    40 permit tcp any host 217.36.x.x eq 443
    50 permit tcp any host 217.36.x.x eq www
    60 permit tcp any host 217.36.x.x eq www
    70 permit udp host 194.72.x.x eq domain host 217.36.x.x
    80 permit udp host 194.72.x.x eq domain host 217.36.x.x
    90 permit ip 10.1.0.0 0.0.0.255 any
    100 permit ahp any host 217.36.x.x
    110 permit esp any host 217.36.x.x
    120 permit udp any host 217.36.x.x eq isakmp
    130 permit udp any host 217.36.x.x eq non500-isakmp
    140 deny ip 192.168.1.0 0.0.0.255 any
    150 permit icmp any host 217.36.x.x echo-reply
    160 permit icmp any host 217.36.x.x time-exceeded
    170 permit icmp any host 217.36.x.x unreachable
    180 deny ip 10.0.0.0 0.255.255.255 any
    190 deny ip 172.16.0.0 0.15.255.255 any
    200 deny ip 192.168.0.0 0.0.255.255 any
    210 deny ip 127.0.0.0 0.255.255.255 any
    220 deny ip host 255.255.255.255 any
    230 deny ip host 0.0.0.0 any
    240 deny ip any any log (1099 matches)
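
To see which entry a given packet hits, the posted list can be replayed offline under IOS first-match evaluation. This is an added example, not part of the original post: it covers entries 90 to 140 and 240 only, substitutes the documentation address 203.0.113.10 for the redacted 217.36.x.x, and any probe packets fed to it are constructed.

```python
import ipaddress
import re

# Entries 90-140 and 240 of the posted ACL. The redacted 217.36.x.x is replaced
# by 203.0.113.10, a documentation address assumed for this example.
ACL = """\
90 permit ip 10.1.0.0 0.0.0.255 any
100 permit ahp any host 203.0.113.10
110 permit esp any host 203.0.113.10
120 permit udp any host 203.0.113.10 eq isakmp
130 permit udp any host 203.0.113.10 eq non500-isakmp
140 deny ip 192.168.1.0 0.0.0.255 any
240 deny ip any any log (1099 matches)"""
PORTS = {"isakmp": 500, "non500-isakmp": 4500}   # IOS port keywords used above
ADDR = r"(any|host \S+|\d\S+ \d\S+)"
ENTRY = re.compile(
    rf"^\s*(\d+) (permit|deny) (\w+) {ADDR}(?: eq (\S+))? {ADDR}(?: eq (\S+))?", re.M)

def ip_int(a):
    return int(ipaddress.IPv4Address(a))

def addr(spec):
    """'any', 'host A' or 'A WILDCARD' -> (base, wildcard) as integers."""
    if spec == "any":
        return 0, 0xFFFFFFFF
    a, b = spec.split()
    return (ip_int(b), 0) if a == "host" else (ip_int(a), ip_int(b))

def port(name):
    """'' (no 'eq' qualifier) -> None, meaning any port."""
    return (PORTS.get(name) or int(name)) if name else None

def parse(text):
    return [(int(seq), action, proto, addr(src), port(sp), addr(dst), port(dp))
            for seq, action, proto, src, sp, dst, dp in ENTRY.findall(text)]

def hit(ip, spec):
    base, wildcard = spec          # wildcard bits set to 1 are "don't care"
    return ((ip_int(ip) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def first_match(rules, proto, src, dst, sport=None, dport=None):
    """Return (sequence, action) of the first entry the packet matches."""
    for seq, action, rproto, rsrc, rsport, rdst, rdport in rules:
        if (rproto in ("ip", proto) and hit(src, rsrc) and hit(dst, rdst)
                and rsport in (None, sport) and rdport in (None, dport)):
            return seq, action
    return None, "deny"            # implicit deny that ends every IOS ACL
```

For a constructed probe, `first_match(parse(ACL), "udp", "198.51.100.7", "203.0.113.10", 50000, 500)` returns `(120, 'permit')`. Any probe that falls through to entry 240 corresponds to traffic counted in that entry's match total and written to the router log by its `log` keyword.
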
ASKER CERTIFIED SOLUTION
Member_2_2473503