UDP Ports Blocked by ACL Causing Multiple VPN Connection Failure

jkerr
Level 1

I have multiple Shrew Soft VPN tunnels working until I apply my ACL. Then I only get one connection at a time. If I allow all UDP traffic then it all works again. I need to limit UDP traffic but it seems I don't have the right ports permitted. Here is what I have permitted, what am I missing?

access-list 101 permit UDP host x.x.x.x any eq non500-isakmp
access-list 101 permit UDP host x.x.x.x any eq isakmp
access-list 101 permit esp host x.x.x.x any


Aditya Ganjoo
Cisco Employee

Hi,

It seems you have all the default ports required to allow VPN traffic (UDP 500, 4500 and ESP).

Not sure why it does not work when you use the ACL.

Do you have any supporting logs at the time of the issue?

Regards,

Aditya

Please rate helpful posts and mark correct answers.
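The reply above asks for logs showing what the ACL drops, and the question itself only matches destination ports (`any eq isakmp` / `any eq non500-isakmp`), so the client-side source ports are never visible from the ACL text alone. The script below is an added example, not something posted in this thread or shipped with IOS or Shrew Soft. It assumes the ACL was given a trailing `deny udp any any log` and `deny ip any any log` entry (or equivalent) so that each drop produces an IOS `%SEC-6-IPACCESSLOGP` (TCP/UDP, with ports) or `%SEC-6-IPACCESSLOGNP` (other IP protocols, such as ESP = 50) syslog message; the sample log lines and addresses are constructed for the demonstration. It summarises the dropped flows per destination port, labels the ones that are expected IPsec traffic, and keeps the source ports the clients used, which is exactly what you need to decide which extra `permit` line is missing.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the format IOS emits when an ACL entry
# carrying the "log" keyword denies a packet (addresses are documentation ranges).
SAMPLE_LOG = """\
Jan 10 10:01:02.123: %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.10(62515) -> 198.51.100.1(4500), 1 packet
Jan 10 10:01:05.456: %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.10(500) -> 198.51.100.1(500), 3 packets
Jan 10 10:01:09.789: %SEC-6-IPACCESSLOGNP: list 101 denied 50 192.0.2.10 -> 198.51.100.1, 2 packets
Jan 10 10:02:00.000: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.77(40001) -> 198.51.100.1(22), 1 packet
"""

# IPACCESSLOGP: TCP/UDP drops, source and destination carry a port in parentheses.
LOGP_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)
# IPACCESSLOGNP: non-TCP/UDP drops, protocol is given as its IP protocol number.
LOGNP_RE = re.compile(
    r"%SEC-6-IPACCESSLOGNP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+), (?P<count>\d+) packets?"
)

# The three flows the ACL in the question is meant to allow, keyed the same way
# as the summary below: (protocol, destination port). ESP has no port.
IPSEC_EXPECTED = {
    ("udp", 500): "isakmp",
    ("udp", 4500): "non500-isakmp",
    ("50", None): "esp",
}


def parse_acl_log(text):
    """Return one dict per ACL log message in text; lines that are not ACL logs are skipped."""
    events = []
    for line in text.splitlines():
        m = LOGP_RE.search(line)
        if m:
            d = m.groupdict()
            d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
        else:
            m = LOGNP_RE.search(line)
            if not m:
                continue
            d = m.groupdict()
            d["sport"] = d["dport"] = None
        d["count"] = int(d["count"])
        events.append(d)
    return events


def denied_summary(events, acl="101"):
    """Aggregate denied packets for one ACL per (proto, dst port).

    Each entry records the packet total, the set of client source ports seen
    (the ACL in the question cannot show these), and the IPsec service name if
    the destination is one of the expected ISAKMP / NAT-T / ESP flows.
    """
    summary = {}
    for e in events:
        if e["acl"] != acl or e["action"] != "denied":
            continue
        key = (e["proto"], e["dport"])
        entry = summary.setdefault(
            key, {"packets": 0, "source_ports": set(), "service": IPSEC_EXPECTED.get(key)}
        )
        entry["packets"] += e["count"]
        if e["sport"] is not None:
            entry["source_ports"].add(e["sport"])
    return summary


def blocked_ipsec_flows(summary):
    """Names of expected IPsec flows that the ACL is still dropping."""
    return sorted(v["service"] for v in summary.values() if v["service"])


if __name__ == "__main__":
    events = parse_acl_log(SAMPLE_LOG)
    summary = denied_summary(events)
    for (proto, dport), v in sorted(summary.items(), key=lambda kv: str(kv[0])):
        label = v["service"] or "not an expected IPsec port"
        print(f"{proto} -> dst {dport}: {v['packets']} packets, "
              f"src ports {sorted(v['source_ports'])} [{label}]")
    print("IPsec flows still blocked:", blocked_ipsec_flows(summary))
```

Run it against a syslog export from the router (or pipe `show logging` output into it) instead of `SAMPLE_LOG`. Two operational caveats: IOS rate-limits ACL log messages, so counts are a lower bound rather than an exact tally, and the `log` keyword costs CPU on busy interfaces; `show access-lists 101` hit counters are a lighter first check when you only need to know whether a `permit` line is being matched at all.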

Thanks for the reply, Aditya.

Unfortunately I don't have any logs since it is for a client that has strict security guidelines. Shrew Soft is running in Windows. I suppose it is possible that I may need port 62515 based on some comments I've seen in other threads. I just wish there was some way to get confirmation before I have to go back onsite.

Regards,

John

Hi John,

Please try opening the same port and test it, and if it still does not work, let me know.

Do share the logs at the time of the issue.

Regards,

Aditya