Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11511
Views
0
Helpful
1
Replies

which port for allow VPN site to site?

rechard_david
Level 1
Level 1

‎04-24-2013 08:18 PM

Dear All,

Could you let me know port number for allow VPN site to stie. currently i have linux firewall and below is ASA 5510, so i would like allow port VPN site to site on linux firewall and port to ASA 5510.

i allow ports as below so the VPN tunnel come up but we cannot ping from host to host but if i allow any any on linux firewall, i can ping from host to host.

1- 50,51,10000,500,4500

could you let me know which port should i allow?

Best Regards,

Rechard

Labels:
0 Helpful
1 Reply 1

Andrew Phirsov
Level 7
Level 7

‎04-24-2013 10:59 PM

For ipsec to work, you should permit on linux:

500/udp

ESP protocol (--protocol esp -j ACCEPT)

4500/udp (optionally, if there's a NAT)

VPN tunnel come up but we cannot ping from host to host but if i allow any any on linux firewall, i can ping from host to host.

This means that untill you permit any any on linux, tunnel actually doesn't come up, cause if it did, linux firewall rules won't be applied to already encrypted traffic.

0 Helpful
Customers Also Viewed These Support Documents