Re: Cisco VPN Clients service ports that needed

cindylee27 · ‎07-16-2008

Hi Experts,

I would like to check what ports are needed to establish a complete VPN and also to complete the connection to the GFTP Server.

What happened is , the VPN connection able to establish but as the corporate firewall has open 500/udp for this vpn connection, but when trying to connect to the GFTP Server using port 21/tcp or 22/tcp, it is not able to go through.

Can i know what other service ports needed?

Thanks in advanced.

cindy

5220 · ‎07-16-2008

Hi Cindy,

The UDP 500 (ISAKMP) port is used only for the first phase of the VPN tunnel.

Depending on your configuration you also need to open UDP 4500 (NAT-T port used for data traffic behind NAT systems), UDP 10000 (old NAT-T port used by Cisco sometimes) and IP 50 protocol (raw ESP packes when no NAT-T is negociated).

This will do.

Please rate if this helped.

Regards,

Daniel

cindylee27 · ‎07-16-2008

Thanks Daniel.

What time of configuration you referring to here?

Thanks again,

cindy

5220 · ‎07-17-2008

Hi Cindy,

The Access-list will need to allow the VPN traffic over the Internet on ports UDP 500, 10000, 4500 and IP 50.

On your Internal network, behind the VPN box you need to enable the application ports: TCP 22, TCP 21, TCP 20 and so on.

Please rate if this helped.

Regards,

Daniel

cindylee27 · ‎07-17-2008

Daniel,

Thanks..What i dun understand is..why the firewall still can detect the ports 4500/tcp even though the VPN tunnel has been established?

Thanks,

Regards,

cindy

5220 · ‎07-17-2008

Hi Cindy,

It is possible that the VPN box is configured for NAT-T over TCP.

You can open the TCP 4500 also on the firewalls.

Please rate if this helped.

Regards,

Daniel

a.alekseev · ‎07-17-2008

Do you have access to any other Servers through the VPN connection?