Re: Cisco VPN Client behind firewall

jdemuth · ‎08-31-2006

I have a cisco 2621 running IOS ver 12.1 with the firewall feature set and I'm having trouble connecting to a VPN endpoint outside the firewall. I have UPD port 500 along with ESP, and AHP opened for both inbound and outbound traffic. The only thing I've been able to find on the internet says I should use NAT-T, but its doesn't appear to be support until IOS ver 12.2(13). Does anyone know a a way to make this work without upgrading the IOS? If not, will an IOS upgrade solve the porblem?

Thanks

sachinraja · ‎09-05-2006

You need to make sure you open the following ports :

udp 500

udp 4500

IP 50

IP 51...

if you are doing PAT to connect to the concentrator, u need to enable nat-transparency.. this is mandatory.... upgrade the IOS and enable this feature..

hope this helps.. all the best... rate replies if found useful...

Raj

jdemuth · ‎09-05-2006

I have udp 500, IP 50 and IP 51 open for 'any any' in the access list and using NAT overload and it appears to be working. What's port 4500 for?

Thanks

Cisco VPN Client behind firewall

Cisco Secure Firewall (FTD) - How To

Doc-Cisco ISE Posture p/ VPN de Acceso Remoto con Cisco Secure Client

FW/VPN: Cisco Secure Client と ASDM の同時接続環境について

ISEを用いたAD連携による、ASAでのVPN認証（Cisco Secure Client）の設定方法について

Umbrella: Cisco Secure Client の DART について (Windows 版)