04-14-2004 03:37 AM - edited 02-21-2020 01:06 PM
Hello,
I need to open my outbound traffic on my firewall to permit two internal (in LAN) Cisco VPN Clients to connect to their VPN over the Internet.
I've already opened the 500/UDP port, but they aren't able to connect. If I open all outbound ports, they're able to connect.
What are the ports used by Cisco VPN Client?
Thank you
04-14-2004 07:58 AM
You need to open:
UDP 500
Protocol ESP
You may also need to open UDP port 4500 (if NAT-T is being used).
Further, if the clients are connecting to a VPN 3000 series Concentrator and it is configured for any of the other NAT-Transparency options, corresponding ports need to be opened. By default:
1. If IPSec over TCP 10000 is being used, then open TCP 10000.
2. If IPSec over UDP 10000 is being used, open UDP 1000.
04-14-2004 03:48 AM
IP protocol 50, ESP. Maybe IP protocol 51, AH (not likely).
You may need UDP 4500 or 10000 depending on whether it is using NAT encapsulation (it probably is out of the box, but depends on what kind of a device it is connecting to). Your best bet is to parse the PIX logs from that IP to see what ports it is using.
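The log check suggested in the reply above, as an added example that is not part of the original thread: it tallies which protocols and destination ports the firewall denied for the VPN clients, so only those need to be permitted outbound. The log lines are constructed and modelled on PIX syslog message 106023 (packet denied by an access list); the client addresses, peer address and ACL name are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread), shaped like PIX message 106023.
SAMPLE_LOG = """\
%PIX-4-106023: Deny udp src inside:192.168.1.20/1040 dst outside:203.0.113.10/4500 by access-group "acl_out"
%PIX-4-106023: Deny udp src inside:192.168.1.20/1040 dst outside:203.0.113.10/4500 by access-group "acl_out"
%PIX-4-106023: Deny protocol 50 src inside:192.168.1.21 dst outside:203.0.113.10 by access-group "acl_out"
%PIX-4-106023: Deny tcp src inside:192.168.1.21/1052 dst outside:203.0.113.10/10000 by access-group "acl_out"
%PIX-4-106023: Deny tcp src inside:192.168.1.99/1100 dst outside:198.51.100.7/25 by access-group "acl_out"
"""

# Port-less protocols (ESP, AH) are logged as "protocol <number>" with no /port.
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>protocol \d+|\w+) "
    r"src \w+:(?P<src>[\d.]+)(?:/\d+)? "
    r"dst \w+:(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?"
)

IP_PROTO_NAMES = {"50": "esp", "51": "ah"}


def denied_flows(log_text, client_ips):
    """Count denied (protocol, dst port, dst address) tuples for the given clients."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or m.group("src") not in client_ips:
            continue  # not a deny line, or not one of the VPN clients
        proto = m.group("proto")
        if proto.startswith("protocol "):
            number = proto.split()[1]
            proto = IP_PROTO_NAMES.get(number, "ip/" + number)
        counts[(proto, m.group("dport"), m.group("dst"))] += 1
    return counts


if __name__ == "__main__":
    clients = {"192.168.1.20", "192.168.1.21"}  # hypothetical VPN client hosts
    for (proto, dport, dst), hits in denied_flows(SAMPLE_LOG, clients).most_common():
        print(f"{hits:3d}  {proto:4s} port={dport or '-':5s} -> {dst}")
```

Restricting the resulting permit rules to the VPN peer address, rather than any destination, keeps the outbound policy tight.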