Hi All, I have a very simple outbound ACL on a PIX 501:
access-list in-out line 1 permit tcp any any eq ftp (hitcnt=0)
access-list in-out line 2 permit tcp any any eq www (hitcnt=130)
access-list in-out line 3 permit tcp any any eq citrix-ica (hitcnt=0)
access-list in-out line 4 permit udp any any eq isakmp (hitcnt=3)
access-list in-out line 5 permit tcp any any eq 51 (hitcnt=0)
access-list in-out line 6 permit tcp any any eq 50 (hitcnt=0)
access-list in-out line 7 permit tcp any any eq 1863 (hitcnt=11)
access-list in-out line 8 permit tcp any any eq https (hitcnt=8)
access-list in-out line 9 permit tcp any any eq aol (hitcnt=0)
I am trying to create an IPsec tunnel through the 501 to another PIX with a Cisco client. The log shows that phase 1 (IKE) is completing successfully, but the connection fails after that. If I remove the ACL from the inside interface (no access-group in-out in interface inside) the client connects immediately.
I know I am probably missing something obvious here, but any help would really be appreciated.
Thanks.
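An added example, not part of the original post, showing the one detail in the posted ACL that a reviewer would flag. Lines 5 and 6 are written as `permit tcp any any eq 50` and `permit tcp any any eq 51`, which match TCP destination ports 50 and 51. ESP and AH are IP protocols 50 and 51, not TCP ports, so once IKE (UDP 500, which line 4 already permits) finishes, the ESP packets that carry the tunnel traffic match nothing in `in-out` and are dropped by the implicit deny at the end of the list, which is consistent with phase 1 completing and everything after it failing. The fragment below is PIX 6.x style syntax; the UDP 4500 entry is an assumption that only applies if the client is behind NAT and negotiates NAT-Traversal.

```text
! Added example (not the poster's config). Remove the two entries that match
! TCP ports 50 and 51 rather than the ESP/AH protocols:
no access-list in-out permit tcp any any eq 51
no access-list in-out permit tcp any any eq 50

! Permit the IPsec protocols themselves. PIX 6.x accepts the esp and ah
! keywords; the numeric form (permit 50 any any / permit 51 any any) is equivalent.
access-list in-out permit esp any any
access-list in-out permit ah any any

! Assumption: if the client is behind NAT and NAT-Traversal is negotiated,
! ESP is encapsulated in UDP 4500 and that port must be permitted as well.
access-list in-out permit udp any any eq 4500

! Re-apply the list to the inside interface exactly as in the post.
access-group in-out in interface inside

! Check: while the client connects, the esp (or udp eq 4500) hit count should
! climb alongside the isakmp entry instead of staying at 0.
show access-list in-out
```

If the esp hit count stays at zero while isakmp increments, the tunnel traffic is not ESP on the inside interface, and the next thing to check is whether the client is configured for IPsec over UDP or over TCP, which would need the corresponding UDP or TCP port permitted instead.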