Goal: Allow telecommuters at home to VPN into the protected network.
Internet traffic to our office goes through 2 Sidewinder firewalls before even hitting our Sidewinder firewall (yes - 3 firewalls). On our firewall, we have partitioned a port for our DMZ and allowed inbound UDP 500 and UDP 10000. Upstream, the firewalls have the same rule.
My question is do you have to have inbound AND outbound traffic on those two ports?
Reason: Using Cisco VPN Client 4.6, we can "connect and authenticate", but looking at the statistics, we have thousands of bytes sent out but ZERO bytes received. To me it looks like the upstream firewall is blocking the handshaking or whatever goes on between a PIX and a client.
Thanks all, Sean
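Added example, not part of Sean's post: a small offline diagnostic that tallies bytes per direction on UDP 500 (IKE) and UDP 10000 (Cisco IPsec-over-UDP) from a capture summary, and decodes the ISAKMP header so you can tell a real gateway reply (non-zero responder cookie) from the client's own first message. Run the same tally on captures taken on the inside of each firewall hop and the hop where "bytes in" drops to zero is the one eating the return traffic. The client and gateway addresses, the sample datagrams and the helper names are all my assumptions; the packet list is constructed, not captured.

```python
import struct
from collections import defaultdict

# ISAKMP/IKEv1 fixed header (RFC 2408 section 3.1): initiator cookie, responder
# cookie, next payload, version, exchange type, flags, message ID, total length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
IKE_PORT = 500          # IKE
CISCO_UDP_PORT = 10000  # Cisco IPsec-over-UDP default port

# Assumed addresses (documentation ranges), not taken from the original post.
CLIENT = "192.0.2.10"
GATEWAY = "198.51.100.1"


def build_isakmp(icookie, rcookie, exchange, body=b"", next_payload=1):
    """Build a minimal IKEv1 datagram: fixed header plus an opaque body."""
    length = ISAKMP_HDR.size + len(body)
    return ISAKMP_HDR.pack(icookie, rcookie, next_payload, 0x10, exchange, 0, 0, length) + body


def parse_isakmp(payload):
    """Decode the ISAKMP header; None if the datagram is too short to be IKE."""
    if len(payload) < ISAKMP_HDR.size:
        return None
    icookie, rcookie, nxt, ver, xchg, flags, msgid, length = ISAKMP_HDR.unpack_from(payload)
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "version": (ver >> 4, ver & 0x0F),
        "exchange": xchg,
        "message_id": msgid,
        "length": length,
        # Only the initiator's very first message carries an all-zero responder
        # cookie; anything the gateway answers with has its own cookie filled in.
        "is_first_message": rcookie == bytes(8),
    }


def tally(packets, client_ip, gateway_ip):
    """Return ({(port, 'out'|'in'): byte_count}, number_of_ike_replies_seen)."""
    bytes_by = defaultdict(int)
    ike_replies = 0
    for src, dst, sport, dport, payload in packets:
        if src == client_ip and dst == gateway_ip:
            direction, port = "out", dport
        elif src == gateway_ip and dst == client_ip:
            direction, port = "in", sport
        else:
            continue  # unrelated traffic
        if port not in (IKE_PORT, CISCO_UDP_PORT):
            continue
        bytes_by[(port, direction)] += len(payload)
        if port == IKE_PORT and direction == "in":
            hdr = parse_isakmp(payload)
            if hdr and not hdr["is_first_message"]:
                ike_replies += 1
    return dict(bytes_by), ike_replies


def diagnose(packets, client_ip, gateway_ip):
    """List the VPN ports on which the client sends but never receives anything."""
    counts, _ = tally(packets, client_ip, gateway_ip)
    findings = []
    for port in (IKE_PORT, CISCO_UDP_PORT):
        sent = counts.get((port, "out"), 0)
        received = counts.get((port, "in"), 0)
        if sent and not received:
            findings.append(f"UDP {port}: {sent} bytes out, 0 bytes in; "
                            f"return traffic is dropped before this capture point")
    return findings


# Constructed sample: IKE aggressive mode (exchange type 4) completes in both
# directions, but tunnelled data on UDP 10000 only ever leaves the client.
IC = bytes.fromhex("0123456789abcdef")
RC = bytes.fromhex("fedcba9876543210")
SAMPLE_PACKETS = [
    (CLIENT, GATEWAY, 500, 500, build_isakmp(IC, bytes(8), 4, b"\x00" * 200)),
    (GATEWAY, CLIENT, 500, 500, build_isakmp(IC, RC, 4, b"\x00" * 180)),
    (CLIENT, GATEWAY, 500, 500, build_isakmp(IC, RC, 4, b"\x00" * 60)),
    (CLIENT, GATEWAY, 10000, 10000, b"\x11" * 120),
    (CLIENT, GATEWAY, 10000, 10000, b"\x22" * 96),
]

if __name__ == "__main__":
    counts, replies = tally(SAMPLE_PACKETS, CLIENT, GATEWAY)
    for (port, direction), n in sorted(counts.items()):
        print(f"UDP {port:5d} {direction:3s} {n:6d} bytes")
    print(f"IKE replies with responder cookie: {replies}")
    for line in diagnose(SAMPLE_PACKETS, CLIENT, GATEWAY):
        print("!!", line)
```

The sample reproduces the symptom in the post: phase 1 on UDP 500 completes (which is why the client can "connect and authenticate"), while UDP 10000 shows bytes out and none in. A stateful firewall normally admits the reply to a permitted outbound flow on its own, so an inbound-only rule is usually enough on the gateway side; what this check tells you is which hop is not doing that, and it is a diagnostic, not a verdict on the Sidewinder rules themselves.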