02-06-2013 07:22 AM
We are running into an issue where IPsec VPN connectivity isn't working on our guest wireless. SSL VPN works as it's 443, but anything IPsec is blocked. Do I need to allow that network service or is there an easier way?
02-06-2013 08:48 AM
There is a predefined "vpnlogon" policy that permits all standard VPN protocols. You could apply that to your guest role, or selectively add what you need.
The following summarizes the ACL:
ip access-list session vpnlogon
user any svc-ike permit
user any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
user any svc-natt permit
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX