
port 4500

Ibrahim Jamil
Level 6

Hi

If you need to enable VPN IPSec through the firewall, do you just need to allow port 4500?

2 Replies

Jennifer Halim
Cisco Employee

It really depends on whether there is NAT or not between the 2 IPSec VPN sites.

By default, here is the IPSec VPN protocol:

- UDP/500 (Phase 1)

- ESP protocol (Phase 2)

And since the ESP protocol can't be NATed, as it is not a TCP or UDP port but a protocol, you can enable the VPN peer with NAT-T (NAT-Transparency), which by default runs on UDP/4500. It encapsulates the ESP protocol into UDP/4500 so it can be NATed if it's required.

In this case, the IPSec VPN protocol is:

- UDP/500 (Phase 1)

- UDP/4500 (Phase 2)

Hope this helps.
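
The two cases from the reply above, written as a Cisco IOS extended ACL. This is an added example, not part of the original replies; the peer addresses are documentation-range placeholders and the ACL name `VPN-IN` is hypothetical.

```cisco
! Constructed example. Assumptions:
!   198.51.100.10 = remote VPN peer (placeholder address)
!   203.0.113.10  = local VPN peer behind this firewall (placeholder address)
!   VPN-IN        = hypothetical ACL name
ip access-list extended VPN-IN
 !
 ! Needed in both cases: IKE negotiation on UDP/500.
 ! Only the destination port is matched, because a NAT device in the
 ! path may rewrite the peer's source port.
 remark IKE Phase 1 on UDP/500
 permit udp host 198.51.100.10 host 203.0.113.10 eq isakmp
 !
 ! Case 1: no NAT between the peers.
 ! ESP is IP protocol 50, so it is matched by protocol, not by port.
 remark ESP for Phase 2 when there is no NAT
 permit esp host 198.51.100.10 host 203.0.113.10
 !
 ! Case 2: NAT between the peers (NAT-T enabled on both ends).
 ! ESP arrives wrapped in UDP/4500 (IOS keyword non500-isakmp).
 remark NAT-T, ESP encapsulated in UDP/4500
 permit udp host 198.51.100.10 host 203.0.113.10 eq non500-isakmp
```

Allowing only UDP/4500 is not enough in either case, since the negotiation on UDP/500 has to get through first. Scoping each entry to the known peer addresses keeps the rule set from exposing the IKE listener to arbitrary sources.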

Thanks, Halim
