allow server initiated tunnels through FW

nygenxny123
Level 1

Our server team is looking to encapsulate domain controller (DC-to-DC) traffic inside IPSec. Following is the list of ports that would be needed if we go the IPSec route:

DNS - 53/tcp, 53/udp

PPTP establishment - 1723/tcp

GRE, generic routing encapsulation - IP protocol 47

Kerberos - 88/tcp, 88/udp

IKE, Internet Key Exchange - 500/udp

IPSec ESP, encapsulated security payload - IP protocol 50

IPSec AH, authenticated header - IP protocol 51

My question is about IP protocols 51 and 57.

All the other ports have been opened... what would I need to enable on the FW to allow IPsec AH and GRE?

1 Reply

Jitendra Siyag
Level 1

The lines would be:

access-list test extended permit gre source destination

access-list test extended permit esp source destination

access-list test extended permit ah source destination

and allow UDP 500 and 4500 if NAT is there.

Hope this helps.
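As an added illustration (not from either poster), here are the reply's three lines plus the UDP ports and the rest of the question's port list, filled in for two constructed DC addresses from the RFC 5737 documentation ranges and bound to an interface on a Cisco ASA; the interface names and addresses are assumptions.

```cisco
! Added example, not from the thread. Assumes the local DC is 192.0.2.10
! behind the "inside" interface and the remote DC is 198.51.100.10 via
! "outside" (both constructed documentation addresses).
!
! Tunnel control and payload: IKE (udp/500), NAT-T (udp/4500), ESP, AH, GRE.
access-list test extended permit udp host 192.0.2.10 host 198.51.100.10 eq isakmp
access-list test extended permit udp host 192.0.2.10 host 198.51.100.10 eq 4500
access-list test extended permit esp host 192.0.2.10 host 198.51.100.10
access-list test extended permit ah  host 192.0.2.10 host 198.51.100.10
access-list test extended permit gre host 192.0.2.10 host 198.51.100.10
!
! Caveat: AH includes the outer IP header in its integrity check, so it does
! not survive NAT. If a NAT device sits between the DCs, rely on ESP with
! NAT-T (udp/4500) rather than AH.
!
! Remaining entries from the question's port list (ASA's "kerberos" keyword
! is not port 88, so the Kerberos lines use the number).
access-list test extended permit tcp host 192.0.2.10 host 198.51.100.10 eq domain
access-list test extended permit udp host 192.0.2.10 host 198.51.100.10 eq domain
access-list test extended permit tcp host 192.0.2.10 host 198.51.100.10 eq 88
access-list test extended permit udp host 192.0.2.10 host 198.51.100.10 eq 88
access-list test extended permit tcp host 192.0.2.10 host 198.51.100.10 eq pptp
!
! Binding the ACL adds an implicit deny for everything not listed above.
! If the remote DC can also initiate the tunnel, add the mirror-image
! rules (swapped source/destination) inbound on the "outside" interface.
access-group test in interface inside
```

The ASA tracks connections for ESP, AH and GRE as well as TCP/UDP, so return traffic for a flow permitted here does not need a separate rule; only flows initiated from the other side do.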
