https://community.cisco.com/t5/network-security/ipsec-vpn-ports-protocol/m-p/1051570#M892965 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>ISAKMP - UDP 500</P><P>ESP - Protocol 50</P><P>ISAKMP NAT-Traversal - UDP 4500 (NAT-T)</P><P>IPSEC Over UDP - UDP 10000 (Default)</P><P>IPSEC Over TCP - TCP 10000 (Default)</P><P></P><P>Regards,</P><P>Arul</P><P></P><P>*Pls rate if it helps*</P></BODY></HTML> Fri, 28 Nov 2008 05:07:41 GMT ajagadee 2008-11-28T05:07:41Z https://community.cisco.com/t5/network-security/ipsec-vpn-ports-protocol/m-p/1051568#M892960 <P>I want to fine tune our firewall, for that I need to allow IPSec VPN traffic in firewall. Can anyone tell me the exact IPSec Ports &amp; Protocols? Our VPN device resides behind firewall and using IPSec over UDP.</P><P></P><P>We are using Cisco ASA 5500 series as a VPN server.</P> Mon, 11 Mar 2019 14:18:58 GMT https://community.cisco.com/t5/network-security/ipsec-vpn-ports-protocol/m-p/1051568#M892960 Muhammad Zubair 2019-03-11T14:18:58Z https://community.cisco.com/t5/network-security/ipsec-vpn-ports-protocol/m-p/1051569#M892961 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>For that you might need to allow UDP 500 also you might also need to allow ESP (protocol 50)</P><P></P><P>Assuming your VPN head end device uses a routable (public) IP address then you only need to allow the above ports, otherwise you will have to use static NAT.</P><P></P><P>what is your scenario ?</P><P></P><P></P></BODY></HTML> Fri, 28 Nov 2008 03:12:02 GMT https://community.cisco.com/t5/network-security/ipsec-vpn-ports-protocol/m-p/1051569#M892961 Fernando_Meza 2008-11-28T03:12:02Z https://community.cisco.com/t5/network-security/ipsec-vpn-ports-protocol/m-p/1051570#M892965 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>ISAKMP - UDP 500</P><P>ESP - Protocol 50</P><P>ISAKMP NAT-Traversal - UDP 4500 (NAT-T)</P><P>IPSEC Over UDP - UDP 10000 (Default)</P><P>IPSEC Over TCP - TCP 10000 (Default)</P><P></P><P>Regards,</P><P>Arul</P><P></P><P>*Pls rate if it helps*</P></BODY></HTML> Fri, 28 Nov 2008 05:07:41 GMT https://community.cisco.com/t5/network-security/ipsec-vpn-ports-protocol/m-p/1051570#M892965 ajagadee 2008-11-28T05:07:41Z https://community.cisco.com/t5/network-security/ipsec-vpn-ports-protocol/m-p/1051571#M892968 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P> </P><P>I have been search for this for a quite long time, but never got a firm answer.</P><P></P><P>Cisco VPN client on-line help says: IPSec over UDP - this port is negotiated and can not be changed - but never able to find any mention of how it is negotiated. </P><P></P><P>Looking at Sniffer packets - beside UDP 500, Sometimes UPD 62515, and other time UDP 62514 was used. UDP 10000 was never used.</P><P></P><P></P><P></P><P>Thanks</P><P></P><P></P><P></P><P></P><P></P><P></P><P> </P></BODY></HTML> Sun, 07 Jun 2009 15:24:10 GMT https://community.cisco.com/t5/network-security/ipsec-vpn-ports-protocol/m-p/1051571#M892968 jzhan 2009-06-07T15:24:10Z