
Issues with Port Access 5508-X

fbeye
Level 4

Hello

 

I am running into a wall with a problem.

On one of my Interfaces on the 5508-X I have a Router connected which is using OpenVPN. On the Cisco under Access Rules I have a simple "any any ip permit" and everything works like a charm.

 

I wanted to get creative and manually open ports and have done so as such;

 

any   any   tcp/udp:domain  permit (for the dns to resolve the server)

any   any   udp:1195  permit (port of the server/auth the vpn uses)

 

And when I do that, it does not connect and hangs with an error of "reconnecting tls-error".

 

I have contacted the VPN provider and they consistently mention only me needing to use 1195 for their server and 53 for the domain. When I go back to "any any ip permit" it works fine.

 

I know this is sort of an offshoot question to actual Cisco itself but maybe I am setting the access wrong?

3 Replies

Hi,
I am not familiar with OpenVPN, so not aware what ports they use. Run a packet capture to determine which exact ports other than udp/1195 it actually uses. You can then amend the firewall rule as required.

HTH

Hello

 

I clearly do not understand Packet Capture too well but I did notice it showed a great multitude of ports being used when set to default. Far too many that I want to manually open.

 

Prior to, I did indeed use 1194 as well.

OpenVPN uses UDP/1194 by default. Have you tried to open that also? And sometimes TCP is also used.
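
One way to act on the packet-capture suggestion in this thread, as an added example that is not from any of the posters: reduce a text capture to the destination protocol/port pairs the inside router initiates and compare them with the two permit rules from the original post. The tcpdump-style line format, the inside address 192.168.10.2 and every sample line are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed tcpdump-style text, one packet per line; adjust LINE to your export.
LINE = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):\s+(\S+)")

# The two access rules from the post, as (protocol, destination port) pairs.
PERMITTED = {("tcp", 53), ("udp", 53), ("udp", 1195)}

def summarize(capture_text, inside_host):
    """Count (proto, dst_port) for packets sent by inside_host only.

    Replies come back to ephemeral ports, so counting both directions
    inflates the port list; a stateful firewall tracks replies itself.
    """
    flows = Counter()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m or m.group(1) != inside_host:
            continue
        # In the assumed format UDP lines say "udp"; anything else with ports is TCP.
        proto = "udp" if m.group(5) == "udp" else "tcp"
        flows[(proto, int(m.group(4)))] += 1
    return flows

def not_permitted(flows):
    """Flows that the two rules above would not match."""
    return sorted(f for f in flows if f not in PERMITTED)

# Constructed sample, not taken from the thread.
SAMPLE = """\
   1: 10:15:01.100000 192.168.10.2.40112 > 198.51.100.53.53:  udp 41
   2: 10:15:01.120000 198.51.100.53.53 > 192.168.10.2.40112:  udp 57
   3: 10:15:01.300000 192.168.10.2.51820 > 203.0.113.7.1195:  udp 54
   4: 10:15:01.340000 203.0.113.7.1195 > 192.168.10.2.51820:  udp 66
   5: 10:15:01.400000 192.168.10.2.51820 > 203.0.113.7.1195:  udp 285
   6: 10:15:02.000000 192.168.10.2.49200 > 203.0.113.9.443: S 100:100(0) win 64240
"""

if __name__ == "__main__":
    flows = summarize(SAMPLE, "192.168.10.2")
    for (proto, port), n in sorted(flows.items()):
        tag = "permitted" if (proto, port) in PERMITTED else "NOT PERMITTED"
        print(f"{proto}/{port}: {n} packets, {tag}")
```

Filtering the capture to the router's address while the tunnel is connecting keeps the list short; anything reported as not permitted is a candidate for a specific rule rather than a reason to return to a blanket permit.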
