I will make a site-to-site VPN between two ASA firewalls. But I have an ADSL modem in front of the firewall, so I need to make NAT for the ports which are used by VPN. So what are these ports? Which ports should I make NAT for VPN?
For IPSec VPN, the following ports are to be used:
Phase 1: UDP/500
Phase 2: UDP/4500
You would also need to enable NAT-T on your ASA (command: crypto isakmp nat-traversal 20).
That would encapsulate ESP (phase 2) to UDP/4500 so it can be NATed.
It is also advisable to open protocol 50 - ESP as well.
Most likely not possible on an ADSL modem, and since he is doing NAT the solution would be, as stated above, to use NAT-T, therefore pushing phase 2 up to UDP/4500.
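As an added example (not part of the thread), this Python sketch classifies UDP payloads seen on the two forwarded ports, which helps when checking a capture taken behind the modem. It goes beyond the replies by using the RFC 3948 framing on UDP/4500 (non-ESP marker, ESP-in-UDP, NAT-keepalive); the function names and the sample packets are constructed for illustration.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: precedes IKE messages on UDP/4500

def parse_ike_header(data):
    """Return the IKE major version from a 28-byte header, or None."""
    if len(data) < 28:
        return None
    # SPIi, SPIr, next payload, version, exchange type, flags, msg id, length
    fields = struct.unpack("!8s8sBBBBII", data[:28])
    version, length = fields[3], fields[7]
    major = version >> 4
    if major not in (1, 2) or length < 28:
        return None
    return major

def classify(dst_port, payload):
    """Name the kind of IPsec traffic carried by one UDP datagram."""
    if dst_port == IKE_PORT:
        major = parse_ike_header(payload)
        return f"IKEv{major} on UDP/500" if major else "unknown on UDP/500"
    if dst_port == NATT_PORT:
        if payload == b"\xff":
            return "NAT-keepalive"  # keeps the modem's NAT mapping alive
        if payload[:4] == NON_ESP_MARKER:
            major = parse_ike_header(payload[4:])
            return f"IKEv{major} on UDP/4500" if major else "malformed IKE on UDP/4500"
        if len(payload) >= 8:
            # An ESP SPI is never zero, so it cannot be mistaken for the marker
            spi, seq = struct.unpack("!II", payload[:8])
            return f"ESP-in-UDP spi=0x{spi:08x} seq={seq}"
        return "unknown on UDP/4500"
    return "not IPsec NAT-T traffic"

def build_ike(major, exchange_type):
    """Constructed sample: a bare 28-byte IKE header with no payloads."""
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8,
                       1, major << 4, exchange_type, 0, 0, 28)

# Constructed sample datagrams: (destination port, UDP payload)
SAMPLES = [
    (500, build_ike(1, 2)),                                   # IKEv1 Main Mode
    (4500, NON_ESP_MARKER + build_ike(1, 2)),                 # IKE after port float
    (4500, struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16), # encapsulated ESP
    (4500, b"\xff"),                                          # NAT-keepalive
]

if __name__ == "__main__":
    for port, payload in SAMPLES:
        print(port, classify(port, payload))
```

If only "IKEv1 on UDP/500" ever appears and nothing arrives on UDP/4500, the modem's forward for 4500 or NAT-T on the ASA is the first thing to check.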