[c-nsp] requirements for VPN Access?
Asbjorn Hojmark - Lists
lists at hojmark.org
Fri Mar 2 18:57:56 EST 2007
> What are the requirements for a person to VPN out a
> Pix/ASA/FWSM.
What type of VPN?
> access-list GuestAccess extended permit esp any any
> access-list GuestAccess extended permit ah any any
> access-list GuestAccess extended permit udp any any eq isakmp
Surprisingly many guests use PPTP, which would need 1723/tcp
open to the outside. (3.1 does PPTP fixup to open for the GRE
tunnel).
Another common option is NAT-T (IPSec in 4500/udp).
-A
More information about the cisco-nsp
mailing list