Distinguished Expert
Posts: 1,989
Registered: ‎08-21-2009
Re: Allow (CiscoVPN) IPsec through
[ Edited ]

Hello,

AFAIAA, Cisco VPN client can also work over TCP/10000, UDP/10000 or UDP/4500 depending on version. May be a good idea to try and reconfigure  VPN clients for these users since you mentioned only "some users" have trouble.

I'd hazard a guess that your users in "internal" network are also NAPT-ed when going to "external", or are they?

If yes, then I think that NAT-ing ESP/proto 50 could only be done statically at the moment.

Rgds

Alex

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !