01-11-2011 12:42 PM
Can someone tell me what outbound/inbound traffic I need to open for Microsoft's VPN? I have a client working in our network and she needs to connect back to their computer via MS's VPN from her Windows VPN client. Specifically, I need to allow this type of traffic in my ASA firewall.
Thanks
01-11-2011 01:39 PM
Hi,
If using Microsoft's PPTP it uses TCP 1723.
Then it uses GRE to encapsulate the traffic (IP protocol 47)
L2TP uses UDP 1701 but it normally uses IPsec as well.
IPsec uses ESP (IP protocol 50), UDP 500 for ISAKMP and UDP 4500 for NAT-T or TCP 10000 for IPsec/TCP.
Federico.
01-11-2011 01:58 PM
One more question: do I have to open both outbound/inbound traffic for these ports?
01-11-2011 02:04 PM
If the client is inside the ASA (server outside).... and assuming PPTP...
The VPN connection will be established using TCP 1723.
Port 1723 will be the destination port.
The source port will be a randomly generated port.
Normally what you do is make sure that outgoing destination port TCP 1723 is permitted and also GRE.
Check out that you have PPTP inspection enabled on the ASA so the return traffic will be automatically permitted (just worry about outbound access).
policy-map global_policy
 class inspection_default
  inspect pptp
Federico.
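The outbound rules described in the answer above, written out as an ASA configuration. This is an added example, not part of the original thread: the ACL name INSIDE_OUT, the interface name inside, and the addresses 192.0.2.10 (the client PC) and 203.0.113.20 (the remote VPN server) are placeholders, and the use of ipsec-pass-thru inspection for the L2TP/IPsec case is an assumption.

```cisco
! Added example. Names and addresses are placeholders, not values from the thread.
! Scope the rules to the one client and the one remote VPN server instead of any/any.

! PPTP: control channel on TCP 1723, tunnelled data in GRE (IP protocol 47)
access-list INSIDE_OUT extended permit tcp host 192.0.2.10 host 203.0.113.20 eq 1723
access-list INSIDE_OUT extended permit gre host 192.0.2.10 host 203.0.113.20

! L2TP/IPsec: IKE on UDP 500, NAT-T on UDP 4500, ESP (IP protocol 50)
access-list INSIDE_OUT extended permit udp host 192.0.2.10 host 203.0.113.20 eq isakmp
access-list INSIDE_OUT extended permit udp host 192.0.2.10 host 203.0.113.20 eq 4500
access-list INSIDE_OUT extended permit esp host 192.0.2.10 host 203.0.113.20

! L2TP without IPsec: UDP 1701 in the clear. When L2TP runs inside IPsec,
! the firewall only sees the IKE/NAT-T/ESP flows above.
access-list INSIDE_OUT extended permit udp host 192.0.2.10 host 203.0.113.20 eq 1701

! Caveat: binding an ACL to the inside interface replaces the implicit
! permit for inside-to-outside traffic, so any other outbound traffic that
! should keep working needs its own permit lines in this ACL.
access-group INSIDE_OUT in interface inside

! Inspection opens the return path, so no inbound ACL entries are needed.
policy-map global_policy
 class inspection_default
  inspect pptp
  ! Assumption: lets ESP tied to a successful UDP 500 negotiation pass back in
  inspect ipsec-pass-thru
```

After a connection attempt, `show access-list INSIDE_OUT` shows which entries are taking hits, which tells you whether the client is using PPTP or L2TP/IPsec.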
01-12-2011 11:32 AM
That probably explains why there's no return traffic in my case. Actually, my clients use both PPTP and L2TP. I will try your method and let you know if that works out.
Thank you!