07-10-2010 05:23 AM
Hello,
I have a task to open VPN ports outbound only. Please help me with how to configure the firewall to access the VPN. I want to open only the VPN ports; where do I apply the ports in the firewall?
Thank you and best regards,
Edwin
07-10-2010 06:48 AM
I understand that you mean IPsec VPN? And not ANY kind of VPN?
Here's a list.
udp/500 - IKE
udp/4500 - IKE NAT-T
ESP
AH
(IPsec over TCP can, on top of that, use a variety of ports ... usually tcp/10000)
07-10-2010 07:06 AM
Thank you for the reply. I am not so good with VPN. An application for remote access VPN, as configured in the firewall; I'm not sure if it is IPsec VPN. I will try to open these two ports. Anyway, please, what is the equivalent port number of ESP and AH?
Thank you and best regards,
Edwin
07-14-2010 02:11 AM
Edwin,
ESP and AH are IP protocols.
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
numbers 50 and 51.
Cisco ACLs (both ASA and IOS) allow you to do access-list XYZ permit esp h A h B (same for AH, and it does not require "host", it can be a whole subnet).
Marcin
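An added example, not part of the original thread: a small check that reads ASA-style `permit` lines and reports which of the IPsec items listed above are still blocked outbound. The ACL name, subnet and sample lines are constructed, and the parser assumes a destination port is either omitted or given as `eq <port>` at the end of the line.

```python
import re

# Outbound requirements for IPsec, taken from the list in the thread.
REQUIRED = {
    "IKE (udp/500)": ("udp", 500),
    "IKE NAT-T (udp/4500)": ("udp", 4500),
    "ESP (IP protocol 50)": ("esp", None),
    "AH (IP protocol 51)": ("ah", None),
}
PROTO_ALIASES = {"50": "esp", "51": "ah", "17": "udp"}  # IANA protocol numbers
PORT_ALIASES = {"isakmp": 500}                          # ACL keyword for udp/500
PERMIT = re.compile(r"^access-list\s+\S+\s+(?:extended\s+)?permit\s+(\S+)\s+(.*)$")

# Constructed sample: the third line opens tcp/50, a common mistake for "ESP".
SAMPLE_ACL = """\
access-list VPN-OUT extended permit udp 10.1.1.0 255.255.255.0 any eq isakmp
access-list VPN-OUT extended permit udp 10.1.1.0 255.255.255.0 any eq 4500
access-list VPN-OUT extended permit tcp 10.1.1.0 255.255.255.0 any eq 50
access-list VPN-OUT extended permit 51 10.1.1.0 255.255.255.0 any
"""

def parse_permits(acl_text):
    """Return (protocol, dest_port) pairs; dest_port None means no port limit."""
    rules = []
    for line in acl_text.splitlines():
        m = PERMIT.match(line.strip())
        if not m:
            continue  # deny lines, remarks and blanks are ignored
        proto = m.group(1).lower()
        proto = PROTO_ALIASES.get(proto, proto)
        port = None
        eq = re.search(r"\beq\s+(\S+)\s*$", m.group(2))
        if eq:
            tok = eq.group(1).lower()
            port = PORT_ALIASES.get(tok, int(tok) if tok.isdigit() else tok)
        rules.append((proto, port))
    return rules

def missing_ipsec(acl_text):
    """List the IPsec requirements that no permit line covers."""
    rules = parse_permits(acl_text)
    missing = []
    for label, (proto, port) in REQUIRED.items():
        covered = any(
            p == "ip" or (p == proto and (port is None or rp is None or rp == port))
            for p, rp in rules
        )
        if not covered:
            missing.append(label)
    return missing
```

On the sample ACL it reports ESP as missing, because `tcp ... eq 50` is a TCP port rule and not IP protocol 50.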