Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
321
Views
0
Helpful
5
Replies

Add port PIX listens for VPN traffic on

rimon.vallavanatt
Level 4
Level 4

‎10-21-2004 01:29 PM - edited ‎02-21-2020 01:24 PM

I want my PIX to listen for traffic on 443 as well as 10000, can this be done?

Labels:
0 Helpful
5 Replies 5

ddawson
Level 1
Level 1

‎10-21-2004 03:26 PM

The PIX doesn't use TCP or UDP port 10000 for VPN traffic - only the VPN 3000 series supports that feature. The recent PIX software can do NAT Traversal, which uses UDP port 4500, but these ports are not configurable.

TCP port 443 is used by HTTPS and, recently "WebVPN" or SSL VPN clients, but the PIX doesn't support either of these VPN technologies either. If you use PDM to manage the PIX it will use HTTPS, which will use TCP/443, but you can't use that for user data.

In short, no, there is no way to customize the ports the PIX uses to terminate VPN traffic.

0 Helpful

rimon.vallavanatt
Level 4
Level 4
In response to ddawson

‎10-21-2004 05:47 PM

I apologize for my ignorance, not a security guru yet. What port does the PIX use for VPN traffic? Is the feature on track for 7.0 pix sw?

0 Helpful

ddawson
Level 1
Level 1
In response to rimon.vallavanatt

‎10-22-2004 10:30 AM

The PIX (and all other IPSec VPN devices) uses UDP/500 and IP protocol 50 (ESP) for basic VPN traffic. IP protocol 51 (AH) can also be used, but it's much less common. The PIX also supports "NAT Traversal" (or "NAT-T") which is a proposed standard for IPSec through NAT that uses UDP/4500. You cannot change these ports.

Some vendors, including Cisco, also support encapsulation of IPSec traffic in proprietary ways (for example, UDP and TCP 10000 are common options in the Cisco VPN 3000 series, and the Cisco 5000 series supported TCP/80), but NAT-T is quickly becoming the preferred solution.

0 Helpful

rimon.vallavanatt
Level 4
Level 4
In response to ddawson

‎10-22-2004 11:59 AM

We were able to adjust our concentrator so that is would listen for VPN traffic on TCP port443, from a Cisco VPN client not some type of HTTPS but IPSEC. Is the answer simply that PIX cannot and is not on track to provide the same functionality?

0 Helpful

scoclayton
Level 7
Level 7
In response to rimon.vallavanatt

‎10-24-2004 04:47 PM

There are no plans to add WebVPN support to the PIX that I am aware of. However, this does not mean that it could not be added. I would suggest talking with your local Cisco account team concerning this. Sorry I don't have better news on this.

Scott

0 Helpful
Customers Also Viewed These Support Documents