• Status: Solved
  • Priority: Medium
  • Security: Public

Client VPN does not work when ACL is applied.

Hi,
I have a Cisco 857 router that is set up as a VPN endpoint where my clients should connect with Cisco VPN Client 4.x.

When I set this access list on the outside interface, my VPN clients cannot even start initiating a VPN session. When I remove this access list, it works perfectly.

What am I missing here? What additional traffic should I allow on my access list for VPN connections to work OK?

Extended IP access list 110
    10 permit tcp any any eq telnet (94 matches)
    20 permit tcp any host 217.36.x.x eq 4125
    30 permit tcp any host 217.36.x.x eq 3389
    40 permit tcp any host 217.36.x.x eq 443
    50 permit tcp any host 217.36.x.x eq www
    60 permit tcp any host 217.36.x.x eq www
    70 permit udp host 194.72.x.x eq domain host 217.36.x.x
    80 permit udp host 194.72.x.x eq domain host 217.36.x.x
    90 permit ip 10.1.0.0 0.0.0.255 any
    100 permit ahp any host 217.36.x.x
    110 permit esp any host 217.36.x.x
    120 permit udp any host 217.36.x.x eq isakmp
    130 permit udp any host 217.36.x.x eq non500-isakmp
    140 deny ip 192.168.1.0 0.0.0.255 any
    150 permit icmp any host 217.36.x.x echo-reply
    160 permit icmp any host 217.36.x.x time-exceeded
    170 permit icmp any host 217.36.x.x unreachable
    180 deny ip 10.0.0.0 0.255.255.255 any
    190 deny ip 172.16.0.0 0.15.255.255 any
    200 deny ip 192.168.0.0 0.0.255.255 any
    210 deny ip 127.0.0.0 0.255.255.255 any
    220 deny ip host 255.255.255.255 any
    230 deny ip host 0.0.0.0 any
    240 deny ip any any log (1099 matches)
Asked: eggster34

1 Solution
Erik Bjers (Principal Systems Administrator) commented:
The Cisco VPN client uses TCP ports 62514 and 62515, UDP 500 and 4500, and it can also use TCP 10000 (for NAT over TCP).

Once you open those ports you should be good.
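As an added illustration, not code from the question or the answer above: the script below parses a subset of the posted ACL (with the redacted x.x octets replaced by placeholder values) and reports which entry decides each of the traffic types named in this thread, so you can see what the list already permits and what falls through to the final deny. ACL_TEXT, VPN_ENDPOINT, CLIENT and the PROBES table are constructed assumptions, and the parser only understands the `seq action proto src [eq port] dst [eq port]` shape the posted entries use.

```python
import ipaddress
import re
# Subset of ACL 110 as posted; the redacted "x.x" octets are placeholders (1.1).
ACL_TEXT = """
10 permit tcp any any eq telnet (94 matches)
110 permit esp any host 217.36.1.1
120 permit udp any host 217.36.1.1 eq isakmp
130 permit udp any host 217.36.1.1 eq non500-isakmp
240 deny ip any any log (1099 matches)
"""
NAMED_PORTS = {"telnet": 23, "www": 80, "domain": 53, "isakmp": 500, "non500-isakmp": 4500}
VPN_ENDPOINT, CLIENT = "217.36.1.1", "198.51.100.7"  # placeholder outside address, constructed client
PROBES = {  # inbound traffic named in the thread: (protocol, source port, dest port)
    "ESP": ("esp", None, None),
    "UDP 500 (ISAKMP)": ("udp", 500, 500),
    "UDP 4500 (NAT-T)": ("udp", 4500, 4500),
    "TCP 10000 (IPsec over TCP)": ("tcp", 40000, 10000),
    "TCP 62514": ("tcp", 40001, 62514),
    "TCP 62515": ("tcp", 40002, 62515),
}
# seq action proto src [eq port] dst [eq port]; trailing 'log' / match counts are ignored
ACE_RE = re.compile(r"(\d+) (permit|deny) (\S+) (any|host \S+|\S+ \S+)(?: eq (\S+))?"
                    r" (any|host \S+|\S+ \S+)(?: eq (\S+))?")
_ip = lambda dotted: int(ipaddress.IPv4Address(dotted))  # dotted quad -> int

def _addr(spec):  # 'any' | 'host A' | 'A WILDCARD' -> (network, wildcard) as ints
    parts = spec.split()
    if parts == ["any"]:
        return 0, 0xFFFFFFFF
    return (_ip(parts[1]), 0) if parts[0] == "host" else (_ip(parts[0]), _ip(parts[1]))

def parse_ace(line):
    seq, action, proto, src, sport, dst, dport = ACE_RE.match(line.strip()).groups()
    port = lambda p: p and int(NAMED_PORTS.get(p, p))  # None means "any port"
    return int(seq), action, proto, _addr(src), port(sport), _addr(dst), port(dport)

def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """First match wins; (None, 'deny') models the implicit deny at the end of the ACL."""
    hit = lambda spec, ip: (_ip(ip) | spec[1]) == (spec[0] | spec[1])  # wildcard bits = don't care
    for seq, action, a_proto, a_src, a_sport, a_dst, a_dport in acl:
        if (a_proto in ("ip", proto) and hit(a_src, src) and hit(a_dst, dst)
                and a_sport in (None, sport) and a_dport in (None, dport)):
            return seq, action
    return None, "deny"

def check_vpn_traffic(acl_text=ACL_TEXT):  # probe name -> (seq, action) of the deciding ACE
    acl = [parse_ace(line) for line in acl_text.strip().splitlines()]
    return {name: evaluate(acl, p, CLIENT, VPN_ENDPOINT, sp, dp)
            for name, (p, sp, dp) in PROBES.items()}
```

Run `check_vpn_traffic()` against your own `show access-lists` output to see which entry each traffic type hits before changing the list.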
