Opening ports 500 and 10000

l4nier
Level 1

I am trying to run a Nortel VPN client from behind my PIX 515. I have been told that I have to open UDP and TCP ports 500 and 10000 to get this working. Can someone help me with how to do this?

Thanks.

Louanne

3 Replies

jmia
Level 7

Hello Louanne,

If you need to open ports for TCP and UDP then you'll need to create an ACL on the inside interface of the PIX, i.e.

> access-list inside permit tcp host <client-ip> any eq 500

> access-list inside permit udp host <client-ip> any eq 10000

> access-list inside permit ip any any

> access-group inside in interface inside

Make sure to save with cmd 'wr m' and do cmd 'clear xlate'.

Hope this helps - Jay

Jay,

I apologize for being such a newbie here but...

My access lists have names/numbers. Do I create a new group with a name, or is "inside" above the name? Also, above you specify . Would I have to set this up for each host that is running the Nortel client? Can I specify a subnet so that all my users could potentially run this VPN client?

Hi -

The "inside" is the name. Also, you are saying that you have a mixture of names and numbers - correct? You can use numbers if you like, but I find it better with names. How many inside clients have you got? If all your clients are on the same subnet, say 192.168.10.10, then you could write the ACL as -

access-list inside permit tcp 192.168.10.0 255.255.255.0 any eq 500

access-list inside permit udp 192.168.10.0 255.255.255.0 any eq 10000

access-list inside permit ip any any

access-group inside in interface inside

Also, here's a good document on ACLs. One thing to remember is that on routers you use 'wildcard masks', i.e. in a router ACL 255.255.255.0 will be written as 0.0.0.255, while on the PIX it will not, i.e. it stays 255.255.255.0 - all explained in this document:

http://www.cisco.com/warp/public/707/confaccesslists.html

Now save with cmd 'wr m' and do cmd 'clear xlate'.

Hope this helps - Jay
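As an added example (not part of the thread or Cisco documentation), a small Python helper that builds the PIX ACL lines for a client subnet and the four Nortel port/protocol pairs the asker listed, and renders the same entries in IOS named-ACL form so the netmask-versus-wildcard difference from Jay's last reply is visible side by side. The ACL name "inside", the subnet and the port list are constructed assumptions taken from the thread.

```python
import ipaddress

# Ports the asker says the Nortel client needs: TCP and UDP 500 and 10000 (constructed defaults).
NORTEL_PORTS = (("tcp", 500), ("udp", 500), ("tcp", 10000), ("udp", 10000))


def pix_source(network):
    """PIX source spec: 'host a.b.c.d' for a single address, 'network netmask' for a subnet.
    Accepts either '192.168.10.0/24' or the PIX-style '192.168.10.0/255.255.255.0'."""
    net = ipaddress.ip_network(network, strict=True)
    if net.num_addresses == 1:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"


def ios_wildcard(netmask):
    """Convert a PIX netmask (255.255.255.0) into the IOS wildcard mask (0.0.0.255)."""
    mask = int(ipaddress.IPv4Address(netmask))
    wildcard = ~mask & 0xFFFFFFFF
    # A contiguous netmask inverts to a run of low ones (2**k - 1); anything else is not a valid prefix.
    if wildcard & (wildcard + 1):
        raise ValueError(f"non-contiguous netmask {netmask}")
    return str(ipaddress.IPv4Address(wildcard))


def pix_acl(name, network, ports=NORTEL_PORTS):
    """PIX ACL applied inbound on the inside interface, following the shape used in the thread."""
    src = pix_source(network)
    lines = [f"access-list {name} permit {proto} {src} any eq {port}" for proto, port in ports]
    lines.append(f"access-list {name} permit ip any any")
    lines.append(f"access-group {name} in interface inside")
    return lines


def ios_acl(name, network, ports=NORTEL_PORTS):
    """Same entries as an IOS named extended ACL, where a subnet takes a wildcard mask."""
    net = ipaddress.ip_network(network, strict=True)
    if net.num_addresses == 1:
        src = f"host {net.network_address}"
    else:
        src = f"{net.network_address} {ios_wildcard(str(net.netmask))}"
    lines = [f"ip access-list extended {name}"]
    lines += [f" permit {proto} {src} any eq {port}" for proto, port in ports]
    return lines


if __name__ == "__main__":
    print("\n".join(pix_acl("inside", "192.168.10.0/255.255.255.0")))
    print("\n".join(ios_acl("inside", "192.168.10.0/255.255.255.0")))
```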