
IPSEC

mgupta
Level 1

In order to establish an IPsec session between a Cisco VPN client and a PIX, which protocols should be allowed on a router sitting in between them? Because of an access list on the router, my client is not able to establish IPsec with the PIX.

2 Replies

srue
Level 7

UDP port 500

IP protocols 50 (ESP) and optionally 51 (AH)

In IOS:

access-list 101 permit esp any any

! UDP 500 is the IOS port name "isakmp"; the syntax is either "eq 500" or "eq isakmp", not both
access-list 101 permit udp any any eq isakmp

This doesn't include any NAT-T, IPsec over TCP, or IPsec over UDP ports.

kabisurya
Level 1

Mr. Gupta,

The Cisco VPN client encapsulates packets in TCP or UDP depending on the option you have selected in the VPN client. On the router between the firewall and the VPN client, ISAKMP and TCP (typically 10000, configurable) or UDP (typically 4500, configurable to any port in the case of the ASA) should be allowed in both directions.

kabi
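Putting the two replies together, the following is an added example of a complete IOS filter for a router between the VPN clients and the PIX; it is not configuration posted by either reply. It permits native IKE/IPsec (UDP 500, ESP, AH), NAT-T on UDP 4500, and the VPN client's IPsec-over-TCP option on its default port 10000, and it does so in both directions, because ESP is stateless and a plain ACL will drop the PIX's replies and the return data traffic unless they are explicitly permitted. The PIX outside address 192.0.2.10, the interface names and the ACL numbers 110/120 are assumptions; the remaining permit lines for the router's other traffic are left out.

```cisco
! Added example (not from the posters above). Assumptions: PIX outside
! address 192.0.2.10, client-facing interface Fa0/0, PIX-facing Fa0/1.
! Every ACL ends with an implicit "deny ip any any", so keep the
! router's existing permits for other traffic in these lists as well.
!
! --- client -> PIX (applied inbound on the client-facing interface) ---
access-list 110 remark IKE phase 1 and 2 on UDP 500
access-list 110 permit udp any host 192.0.2.10 eq isakmp
access-list 110 remark IPsec data: ESP (IP protocol 50), optional AH (51)
access-list 110 permit esp any host 192.0.2.10
access-list 110 permit ahp any host 192.0.2.10
access-list 110 remark NAT-T: IKE and ESP wrapped in UDP 4500 when a NAT is in the path
access-list 110 permit udp any host 192.0.2.10 eq non500-isakmp
access-list 110 remark VPN client "IPSec over TCP" option, default port 10000
access-list 110 permit tcp any host 192.0.2.10 eq 10000
!
! --- PIX -> client (applied inbound on the PIX-facing interface) ---
! Same transports, sourced by the PIX; the client-side port is left open
! because a PAT device may have rewritten it (especially for NAT-T).
access-list 120 permit udp host 192.0.2.10 eq isakmp any
access-list 120 permit esp host 192.0.2.10 any
access-list 120 permit ahp host 192.0.2.10 any
access-list 120 permit udp host 192.0.2.10 eq non500-isakmp any
access-list 120 permit tcp host 192.0.2.10 eq 10000 any
!
interface FastEthernet0/0
 description towards VPN clients
 ip access-group 110 in
!
interface FastEthernet0/1
 description towards PIX outside interface
 ip access-group 120 in
```

If the client is set to IPsec over UDP instead of NAT-T, or the TCP port on the PIX/ASA has been changed from 10000, replace the `non500-isakmp` or `10000` lines with the port actually configured; `show access-list 110` on the router will show which entry is matching (or, by its zero hit count, which one is missing) while the client tries to connect.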