Re: Nortel Contivity Client On PC Behind PIX posted 01/31/2003


    I did this about 18 months ago for a client.  Not sure if Nortel has
changed anything, but I had:

ip nat inside source static x.x.104.244

access-list 101 permit tcp any any range 8003 8004
access-list 101 permit udp any any range 8003 8004
access-list 101 permit udp any any eq isakmp
access-list 101 permit ahp any any
access-list 101 permit esp any any

This was on a router, but it should apply to PIX as well.  It's IPSec, so
you need a static nat for the internal VPN client.  I think all these access
rules were needed as well.  ACL 101 is on outside interface, inbound.

Chuck Church

----- Original Message -----
From: "Wright, Jeremy" <wright@xxxxxxxxxxxx>
To: <security@xxxxxxxxxxxxxx>
Cc: <ccielab@xxxxxxxxxxxxxx>
Sent: Friday, January 31, 2003 12:28 PM
Subject: OT: Nortel Contivity Client On PC Behind PIX

> Does anyone have a sample config that shows a PC with Nortel Contivity VPN
> software on it establishing a VPN through a PIX to an outside destination?
> (Meaning a sample of the PIX config)
> ************************
>           Jeremy Wright
>              Network Analyst
>              Archer Daniels Midland
>               ja_wright@xxxxxxxxxxxx
>      (217)451-4063
> ************************
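
Added example, not part of the thread or of either poster's configuration: the IOS rules from the reply with the destination scoped to the one statically translated client instead of "any any". The addresses 10.0.0.10 and 192.0.2.10 and the interface name Serial0 are assumed placeholders.

```cisco
! Added example; addresses and interface name are placeholders (assumptions).
! 10.0.0.10  = inside address of the PC running the VPN client
! 192.0.2.10 = outside (translated) address from the static NAT entry
ip nat inside source static 10.0.0.10 192.0.2.10
!
! Same protocols and ports as ACL 101 in the reply, but the destination is
! limited to the translated client address. An inbound ACL on the outside
! interface is checked before outside-to-inside translation, so it matches
! the translated (192.0.2.10) address, not the inside one.
access-list 101 permit tcp any host 192.0.2.10 range 8003 8004
access-list 101 permit udp any host 192.0.2.10 range 8003 8004
access-list 101 permit udp any host 192.0.2.10 eq isakmp
! AH authenticates the outer IP header, so it does not survive address
! translation; the line is kept only to mirror the reply.
access-list 101 permit ahp any host 192.0.2.10
access-list 101 permit esp any host 192.0.2.10
!
! Applied inbound on the outside interface, as described in the reply.
interface Serial0
 ip nat outside
 ip access-group 101 in
```

If the remote VPN gateway has a fixed address, the source "any" can be narrowed to that host in the same way.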