What ports need to be opened when attempting to access the UC540 remotely via CCA using a one to one NAT with Cisco VPN?

rifflewader
Level 1

The customer is not using the UC540 as their firewall and we need remote access to the system. The data vendor has a SonicWall firewall in place and we are plugged into it with our WAN port. We are using the Cisco VPN client but getting denied access to the firewall because we are hitting several different ports every time. What information are we forgetting to relay to the data vendor on the correct configuration of his firewall to allow access to the UC540?

Mike Carter

AtcomBTS

1 Reply

Steven DiStefano
VIP Alumni

Hi Mike,

I found a doc that may explain what to do.

https://supportforums.cisco.com/docs/DOC-9671

So in addition to the UC540 being a static IP on the external firewall data VLAN (with NAT rule from WAN to UC540), and the UC540 firewall turned off, and NAT turned off, and a VPN Server built on the UC540 with the credentials (Shared Secret and Group name) matching Cisco VPN Client and UC540 VPN Server, I think the external FW has to let the IPsec ports through too....

In the doc, in a few scenarios, I find this:

You need to ensure the following policies are applied to the firewall:
• If IPsec is used (for a multi-site data VPN and the Data LAN resides behind the UC500), make sure that the firewall allows access to the following ports and protocols:
  - IP Protocol ID 50, for both inbound and outbound filters. It should be set to allow Encapsulating Security Protocol (ESP) traffic to be forwarded.
  - UDP Port 500, for both inbound and outbound filters. It should be set to allow ISAKMP traffic to be forwarded.

Steve
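As an added illustration (not code from the thread or from Cisco's doc), the Python below parses constructed IPv4 packets and checks them against the policy Steve quotes; it makes the point that ESP is IP protocol 50 with no port number at all, so a firewall rule written as a "port" will never match it, which is a common reason an IPsec client is "hitting several different ports" and still getting denied. UDP 4500 (IPsec NAT-T) is my assumption beyond the quoted doc, added because a NAT device sits in this path; all addresses and packets are constructed test data.

```python
import struct
# Policy from the quoted doc: IP protocol 50 (ESP) and UDP 500 (ISAKMP). UDP 4500
# (IPsec NAT-T) is an assumption, not in the quoted text; common when NAT is in the path.
ESP_PROTO = 50
UDP_PROTO = 17
ALLOWED_UDP_PORTS = {500, 4500}

def classify_ipv4(packet: bytes) -> tuple:
    """Parse the IPv4 header (and UDP header if present) and report whether
    the IPsec policy above would pass the packet. Returns (allowed, reason)."""
    if len(packet) < 20:
        return False, "truncated IPv4 header"
    ver_ihl = packet[0]
    if ver_ihl >> 4 != 4:
        return False, "not IPv4"
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, options included
    proto = packet[9]
    if proto == ESP_PROTO:
        # Encapsulating Security Payload carries no port numbers: a rule written as
        # "port 50" never matches it; the rule has to be keyed on IP protocol 50.
        return True, "ESP (IP protocol 50)"
    if proto == UDP_PROTO:
        if len(packet) < ihl + 8:
            return False, "truncated UDP header"
        sport, dport = struct.unpack_from("!HH", packet, ihl)
        if dport in ALLOWED_UDP_PORTS or sport in ALLOWED_UDP_PORTS:
            return True, f"UDP {sport}->{dport} (ISAKMP/NAT-T)"
        return False, f"UDP {sport}->{dport} not an IPsec port"
    return False, f"IP protocol {proto} not permitted"

def build_ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Constructed test packet: minimal IPv4 header (zero checksum) + options."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0, 0,
                      64, proto, 0, bytes([203, 0, 113, 10]), bytes([198, 51, 100, 20]))
    return hdr + options + payload

def udp(sport: int, dport: int, data: bytes = b"") -> bytes:
    """Constructed UDP header (zero checksum) followed by data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

if __name__ == "__main__":
    samples = {"ISAKMP": build_ipv4(UDP_PROTO, udp(500, 500)),
               "ESP": build_ipv4(ESP_PROTO, b"\x00" * 8),
               "NAT-T, IP options": build_ipv4(UDP_PROTO, udp(4500, 4500), b"\x01" * 4),
               "stray UDP": build_ipv4(UDP_PROTO, udp(51234, 53)),
               "TCP": build_ipv4(6, b"\x00" * 20)}
    for name, pkt in samples.items():
        print(f"{name:20s} {classify_ipv4(pkt)}")
```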