• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 186
  • Last Modified:

Allowing VPN out of network

ok, we have a client that uses the ATT global client to VPN.. They gave me a list of requirements and IP's needed for the opened ports...No idea where to start...wonder if i can get some insight? thanks
attached is the documentation
attbroadbandports.pdf
0
jasonmichel
Asked:
jasonmichel
  • 2
  • 2
1 Solution
 
stsonlineCommented:
I've run into this before... you need to create two access lists, one for the IPs marked IN and one for the IPs marked OUT. The easiest way is to create an object group for the IPs in the GIGs and use that object group in your ACL rules. Allow the services to pass through to your internal networks and you should be good to go.
0
 
jasonmichelAuthor Commented:
can you give me an example of a config to achieve this?...thanks
0
 
jasonmichelAuthor Commented:
can anyone give me a quick example of creating these object groups and applying them to ACLS? and allowing the services through internal networks. Would that be creating and ACL for the LAN interface inbound, or just allowing individual ports?
0
 
stsonlineCommented:
I don't have one for the 1841 but in general, create object-groups like so:

object-group network Sprint_Mail
 network-object host 63.161.60.29
 network-object host 63.161.60.61

Then use the object-group in your ACL:

access-list outbound extended permit tcp object-group Sprint_Mail host 12.34.56.78 eq smtp

This keeps you from having to create the same line over and over again changing only the source IPs.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now