Solved

Cisco VPN's

Posted on 2011-03-21
1
439 Views
Last Modified: 2012-06-27
I have a cisco 2801 router with the security pack on it. I have VPN set up so the my outside users can VPN into our office. The problem I'm having is that I have a consultant who is trying to VPN into his office while on our network. He is running a Cisco Concentrator on his end. The VPN can't make a connection. It works fine from outside our network just not inside my network. Here is the ACL's I I have set up for the Wan Interface. What am I missing.
 
    10 permit icmp any host xxx.xxx.xx.xx unreachable
    20 permit icmp any host xxx.xxx.xx.xx echo
    30 permit icmp any host xxx.xxx.xx.xx echo-reply
    40 permit icmp any host xxx.xxx.xx.xx packet-too-big
    50 permit icmp any host xxx.xxx.xx.xx time-exceeded
    60 permit icmp any host xxx.xxx.xx.xx traceroute
    70 permit icmp any host xxx.xxx.xx.xx administratively-prohibited
    80 permit tcp any host xxx.xxx.xx.xx eq 22
    90 permit tcp any host xxx.xxx.xx.xx eq domain
    100 permit tcp any host xxx.xxx.xx.xx eq 443
    110 permit tcp any host xxx.xxx.xx.xx eq 4080
    120 permit tcp any host xxx.xxx.xx.xx eq 5223
    130 permit udp any host xxx.xxx.xx.xx range 16399 16472
    140 permit udp any host xxx.xxx.xx.xx eq 80
    150 permit esp any any
    160 permit udp any eq ntp any
    170 permit udp any any eq isakmp
    180 permit udp any any eq non500-isakmp
Thanks

0
Comment
Question by:Scott_Smith24
1 Comment
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 35185004
He may need TCP/10000 open
 175 permit tcp any any eq 10000
Or an established permit
 15 permit tcp any any established

Do you have firewall inspection applied?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
If you use NetMotion Mobility on your PC and plan to upgrade to Windows 10, it may not work unless you take these steps.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now