https://community.cisco.com/t5/network-security/port-4500/m-p/1665016#M557663 <HTML><HEAD></HEAD><BODY><P>It really depends on whether there is NAT or not between the 2 IPSec VPN sites.</P><P></P><P>By default, here is the IPSec VPN protocol:</P><P>- UDP/500 (Phase 1)</P><P>- ESP protocol (Phase 2)</P><P></P><P>And since ESP protocol can't be NATed as it is not a TCP or UDP port, but a protocol, you can enable the VPN peer with NAT-T (NAT-Transparency) which by default run on UDP/4500. It encapsulates the ESP procotol into UDP/4500 so it can be NATed if it's required.</P><P></P><P>In this case, the IPSec VPN protocol is:</P><P>- UDP/500 (Phase 1)</P><P>- UDP/4500 (Phase 2)</P><P></P><P>Hope this helps.</P></BODY></HTML> Sun, 17 Apr 2011 22:21:40 GMT Jennifer Halim 2011-04-17T22:21:40Z https://community.cisco.com/t5/network-security/port-4500/m-p/1665015#M557652 <P>Hi</P><P></P><P><SPAN style="background-color: #f8fafd;">if y need to enable VPN IPSec through the firewall. y just need to need to allow the port 4500?</SPAN></P> Mon, 11 Mar 2019 20:22:02 GMT https://community.cisco.com/t5/network-security/port-4500/m-p/1665015#M557652 Ibrahim Jamil 2019-03-11T20:22:02Z https://community.cisco.com/t5/network-security/port-4500/m-p/1665016#M557663 <HTML><HEAD></HEAD><BODY><P>It really depends on whether there is NAT or not between the 2 IPSec VPN sites.</P><P></P><P>By default, here is the IPSec VPN protocol:</P><P>- UDP/500 (Phase 1)</P><P>- ESP protocol (Phase 2)</P><P></P><P>And since ESP protocol can't be NATed as it is not a TCP or UDP port, but a protocol, you can enable the VPN peer with NAT-T (NAT-Transparency) which by default run on UDP/4500. It encapsulates the ESP procotol into UDP/4500 so it can be NATed if it's required.</P><P></P><P>In this case, the IPSec VPN protocol is:</P><P>- UDP/500 (Phase 1)</P><P>- UDP/4500 (Phase 2)</P><P></P><P>Hope this helps.</P></BODY></HTML> Sun, 17 Apr 2011 22:21:40 GMT https://community.cisco.com/t5/network-security/port-4500/m-p/1665016#M557663 Jennifer Halim 2011-04-17T22:21:40Z https://community.cisco.com/t5/network-security/port-4500/m-p/1665017#M557675 <HTML><HEAD></HEAD><BODY><P>thanks Halim</P></BODY></HTML> Mon, 18 Apr 2011 18:36:46 GMT https://community.cisco.com/t5/network-security/port-4500/m-p/1665017#M557675 Ibrahim Jamil 2011-04-18T18:36:46Z