08-22-2006 01:02 AM - edited 02-21-2020 02:35 PM
I have a user who uses the VPN client (4.8) inside another company's network. What ports need to be opened to allow this to work?
08-22-2006 01:05 AM
UDP 500 for ISAKMP
and UDP 4500 for NAT traversal
M.
08-22-2006 02:35 AM
If I get the company to open these each way then he should be ok to connect to our company via his VPN client?
08-22-2006 02:06 PM
Maybe add TCP 10,000 too.
Then yes, it should be ok, it would use NAT-Traversal.
08-24-2006 11:34 AM
In addition to the UDP ports being opened which are used for ISAKMP negotiation, it would also be necessary to be sure that the firewall permitted ESP for the IPSec encrypted packets.
HTH
Rick
08-28-2006 06:32 PM
Can you specify whether these are incoming ports or outgoing ports (or both) that should be opened?
08-29-2006 05:17 AM
Jim
These protocols need to function in both directions. But the specific ports that were mentioned need to be opened as destination ports inbound. They need to be open as source ports outbound but usually outbound traffic is not heavily filtered so it is usually not much of an issue.
ESP (and sometimes AH) protocols need to be open inbound and outbound (and do not have port numbers to configure).
HTH
Rick
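Added example, not part of any post in the thread: a small Python check that tests a firewall rule list against the flows named in the replies above (UDP 500, UDP 4500, TCP 10000, and ESP, each in both directions). The stateless first-match rule model, the `Rule` tuple and the two sample rule sets are assumptions constructed for illustration; "out" means client to VPN gateway and "in" means the replies.

```python
from collections import namedtuple

# None in any field means "any". Stateless, first-match, default-deny model
# (an assumption; a stateful firewall would admit the replies automatically).
Rule = namedtuple("Rule", "action direction proto sport dport")

# Flows from the thread, as (direction, protocol, source port, destination port).
# ESP is an IP protocol (number 50), so it carries no port numbers.
REQUIRED = {
    "ISAKMP (UDP 500)": [("out", "udp", None, 500), ("in", "udp", 500, None)],
    "NAT-T (UDP 4500)": [("out", "udp", None, 4500), ("in", "udp", 4500, None)],
    "TCP 10000": [("out", "tcp", None, 10000), ("in", "tcp", 10000, None)],
    "ESP (IP protocol 50)": [("out", "esp", None, None), ("in", "esp", None, None)],
}

def _matches(rule, packet):
    # A rule field of None is a wildcard; otherwise it must equal the packet field.
    return all(r is None or r == p for r, p in zip(rule[1:], packet))

def permitted(rules, packet):
    # The first matching rule decides; nothing matching means deny.
    for rule in rules:
        if _matches(rule, packet):
            return rule.action == "permit"
    return False

def missing_flows(rules):
    # Names of required items that are blocked in at least one direction.
    return [name for name, flows in REQUIRED.items()
            if not all(permitted(rules, f) for f in flows)]

# Constructed sample: only the port-based rules were opened.
PORTS_ONLY = [
    Rule("permit", "out", "udp", None, 500), Rule("permit", "in", "udp", 500, None),
    Rule("permit", "out", "udp", None, 4500), Rule("permit", "in", "udp", 4500, None),
    Rule("permit", "out", "tcp", None, 10000), Rule("permit", "in", "tcp", 10000, None),
    Rule("deny", None, None, None, None),
]
# Constructed sample: ESP permitted in both directions ahead of the other rules.
WITH_ESP = [Rule("permit", None, "esp", None, None)] + PORTS_ONLY

if __name__ == "__main__":
    print("ports only:", missing_flows(PORTS_ONLY))
    print("with ESP  :", missing_flows(WITH_ESP))
```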