Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
911
Views
0
Helpful
4
Replies

site to site vpn help

Go to solution
peterhkim
Level 1
Level 1

‎08-12-2008 08:02 AM - edited ‎02-21-2020 03:53 PM

I'm trying to build site to site vpn using two 5520s. Two ASAs are sitting behind edge Cisco routers. To allow ASAs have site to site VPN, what port do I have to allow on the router to pass VPN traffic? I have to allow remote FW IP to connect to local FW IP. Port 50,51 and 500?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
4 Replies 4

Go to solution
5220
Level 4
Level 4

‎08-12-2008 09:38 AM

Yes, you got them all: IP ports 50 and 51 and UDP port 500. Also leave the ICMP ports opened between the IPs for the PathMTU Dicovery.

Please rate if this helped.

Regards,

Daniel

0 Helpful

Go to solution
acomiskey
Level 10
Level 10
In response to 5220

‎08-12-2008 10:02 AM

Careful not to get mixed up by ports 50 and 51 and ip protocols 50 and 51. You need ip protocol 50(esp) and udp port 500.

0 Helpful

Go to solution
peterhkim
Level 1
Level 1
In response to acomiskey

‎08-12-2008 10:12 AM

So, I need access-list setup on the router to allow udp port 500 and ip protocol 50.

Did I get this right?

Thanks.

0 Helpful

Go to solution
acomiskey
Level 10
Level 10
In response to peterhkim

‎08-12-2008 10:42 AM

Yes.

0 Helpful
Customers Also Viewed These Support Documents