Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1025
Views
0
Helpful
6
Replies

How to turn on udp port500 for vpn tunnel.

Zaheer_Assariya
Level 1
Level 1

‎11-13-2004 12:54 AM - edited ‎02-21-2020 01:26 PM

I wanna know how to :

1) Turn on OR off UDP port 500? or any other port on pix?

2) How to turn on of off protocol 50(ESP) and 51 (AH).

Labels:
0 Helpful
6 Replies 6

tmoreo
Level 1
Level 1

‎11-13-2004 11:07 AM

Do you want to allow these ports/protocols out for an internal user to access an external VPN and/or do you want to set up a site to site or remote to site VPN?

0 Helpful

Zaheer_Assariya
Level 1
Level 1
In response to tmoreo

‎11-13-2004 02:07 PM

I wanna know for both please. Thanks

0 Helpful

tmoreo
Level 1
Level 1
In response to Zaheer_Assariya

‎11-13-2004 04:02 PM

The simplest way to do site to site pix or remote to site VPN is to use the VPN wizard.

Follow the steps and you can almost accept all the defaults.(be sure to uncheck enable extended authentication)

For command line for remote

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

For command line for site to site

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172795.html

just do a search on the Cisco web site and there is a ton of info.

Also if you are more confortable with the PDM/GUI look at the commands entered after you use the gui to see how each choice you made created a specific command set.

For going out, it is like open a firewall for any other port or protocol.

If you are new to the device I would recommend the PDM/GUI.

Create a new "access rule"

From inside to outside

For a protocol select IP then you will see ESP... AH...

For a port select TCP or UDP then either enter your port's number or select the name.

A side note the port you are generally looking for is the "destination" port

Too much info to put in a small space but I hope it helps.

0 Helpful

Zaheer_Assariya
Level 1
Level 1
In response to tmoreo

‎11-14-2004 12:45 PM

Dear Tmoreo,

I wanna know how to turn on these ports and protocl 50 and 51 by command line and also how to turn it off on router and firewall. Thanks

0 Helpful

tmoreo
Level 1
Level 1
In response to Zaheer_Assariya

‎11-14-2004 01:05 PM

When you say you want to turn on these ports and protocols what do you mean?

What is it you want to do? Do you want to set up a VPN? Client to site? Site to Site?

Do you want a use a VPN from the inside to go through a firewall to a remote VPN device?

When you say turn it off on a router and firewall, what is the configuration?

Standard Edge router with a firewall behind it? And again what are you trying to accomplish? Do you want to block outbound?

Are these production boxes?

On a PIX you don't really "Turn on a port" you can apply access rules to permit or deny.

Without more information the rule might look like

access-list 100 permit udp any any eq isakmp

or

access-list 100 deny udp any any eq isakmp

You can turn on a Protocol like OSPF on a router or PIX by using "Router OSPF" command

for protocol 50 or ESP you use the crypto command set to turn on and configure. There are several commands. I suggest looking at the papers I listed in the previous post. It shows step by step how to "Turn on" ESP and the other related technologies

Honestly without more information about exactly what you want to accomplish and what the current physical confiuration there is not enough space to put down all the possible solutions.

0 Helpful

Zaheer_Assariya
Level 1
Level 1
In response to tmoreo

‎11-15-2004 02:09 PM

Dear Tmoreo,

I got my answer in ur reply. It was very helpfull. Access list was the answer that worked. Thanks a million. Takecare

0 Helpful
Customers Also Viewed These Support Documents