07-16-2008 11:24 PM
Hi Experts,
I would like to check what ports are needed to establish a complete VPN and also to complete the connection to the GFTP Server.
What happened is that the VPN connection is able to establish, as the corporate firewall has opened 500/udp for this VPN connection, but when trying to connect to the GFTP Server using port 21/tcp or 22/tcp, it is not able to go through.
Can I know what other service ports are needed?
Thanks in advance.
cindy
07-16-2008 11:32 PM
Hi Cindy,
The UDP 500 (ISAKMP) port is used only for the first phase of the VPN tunnel.
Depending on your configuration you also need to open UDP 4500 (NAT-T port used for data traffic behind NAT systems), UDP 10000 (old NAT-T port used by Cisco sometimes) and IP 50 protocol (raw ESP packets when no NAT-T is negotiated).
This will do.
Please rate if this helped.
Regards,
Daniel
07-16-2008 11:34 PM
Thanks Daniel.
What type of configuration are you referring to here?
Thanks again,
cindy
07-17-2008 05:24 AM
Hi Cindy,
The Access-list will need to allow the VPN traffic over the Internet on ports UDP 500, 10000, 4500 and IP 50.
On your Internal network, behind the VPN box you need to enable the application ports: TCP 22, TCP 21, TCP 20 and so on.
Please rate if this helped.
Regards,
Daniel
07-17-2008 06:32 PM
Daniel,
Thanks. What I don't understand is why the firewall can still detect port 4500/tcp even though the VPN tunnel has been established?
Thanks,
Regards,
cindy
07-17-2008 11:33 PM
Hi Cindy,
It is possible that the VPN box is configured for NAT-T over TCP.
You can also open TCP 4500 on the firewalls.
Please rate if this helped.
Regards,
Daniel
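The symptom in this thread (tunnel negotiates on 500/udp, nothing passes afterwards) can be confirmed from firewall logs by grouping the outer-tunnel flows named in the replies above. This is an added example, not code from any poster or from Cisco; the log format, the `diagnose` function and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Outer-tunnel flows named in the thread: (protocol, port) -> role.
# ESP is IP protocol 50 and has no port, hence None.
TUNNEL_FLOWS = {
    ("udp", 500): "ike",      # ISAKMP, first phase
    ("udp", 4500): "data",    # NAT-T
    ("udp", 10000): "data",   # older Cisco NAT-T port
    ("esp", None): "data",    # raw ESP when no NAT-T is negotiated
    ("tcp", 4500): "data",    # flow the firewall reported later in the thread
}

# Assumed log format (constructed, not a Cisco format):
#   <permit|deny> <proto> <src[:sport]> -> <dst>[:<dport>]
LINE = re.compile(r"^(permit|deny)\s+(\w+)\s+\S+\s+->\s+[\d.]+(?::(\d+))?$")

def diagnose(log_lines):
    """Return (verdict, sorted list of denied outer-tunnel flows)."""
    seen = defaultdict(set)   # role -> actions observed for that role
    denied = set()
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        action, proto, port = m.group(1), m.group(2).lower(), m.group(3)
        role = TUNNEL_FLOWS.get((proto, int(port) if port else None))
        if role is None:
            continue          # inner application traffic or unrelated flow
        seen[role].add(action)
        if action == "deny":
            denied.add(f"{proto}/{port}" if port else proto)
    if "permit" not in seen["ike"]:
        verdict = "IKE blocked: tunnel cannot negotiate"
    elif "permit" not in seen["data"]:
        verdict = "IKE passes but data path blocked: tunnel up, no traffic"
    else:
        verdict = "IKE and a data path both permitted"
    return verdict, sorted(denied)

SAMPLE_LOG = [  # constructed sample, documentation address ranges
    "permit udp 192.0.2.10:500 -> 198.51.100.1:500",
    "deny udp 192.0.2.10:4500 -> 198.51.100.1:4500",
    "deny esp 192.0.2.10 -> 198.51.100.1",
    "deny tcp 192.0.2.10:1025 -> 198.51.100.1:4500",
    "permit tcp 192.0.2.10:1026 -> 198.51.100.1:443",
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

TCP 21, 22 and 20 are deliberately absent from `TUNNEL_FLOWS`: they travel inside the tunnel and are controlled on the internal side of the VPN box, as the reply above describes.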
07-17-2008 03:50 AM
Do you have access to any other Servers through the VPN connection?