11687 Views, 0 Helpful, 1 Reply

Which ports should I allow for a site-to-site VPN?

rechard_david
Level 1

Dear All,

Could you let me know the port numbers to allow for a site-to-site VPN? Currently I have a Linux firewall, and below it is an ASA 5510, so I would like to allow the site-to-site VPN ports on the Linux firewall through to the ASA 5510.

I allow the ports below, so the VPN tunnel comes up, but we cannot ping from host to host. If I allow any any on the Linux firewall, I can ping from host to host.

1. 50, 51, 10000, 500, 4500

Could you let me know which ports I should allow?

Best Regards,

Rechard

1 Reply

Andrew Phirsov
Level 7

For IPsec to work, you should permit on Linux:

500/udp

ESP protocol (--protocol esp -j ACCEPT)

4500/udp (optionally, if there's a NAT)

> The VPN tunnel comes up, but we cannot ping from host to host. If I allow any any on the Linux firewall, I can ping from host to host.

This means that until you permit any any on Linux, the tunnel actually doesn't come up, because if it did, the Linux firewall rules wouldn't be applied to the already encrypted traffic.
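As an added example (not part of the thread above, and not Cisco or Linux project code), the script below prints the iptables rules that implement the reply's allow-list for a Linux firewall forwarding traffic to an IPsec peer behind it: IKE on 500/udp, ESP as an IP protocol rather than a port, and 4500/udp only when a NAT sits between the peers. It also contains a small matcher that shows why the original list of "ports" 50 and 51 does not admit IPsec traffic: 50 (ESP) and 51 (AH) are IP protocol numbers, so a UDP port rule never matches them. The peer and local addresses, the use of the FORWARD chain, and the function names are assumptions; nothing here changes the live ruleset, the commands are only printed for review.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Prints (does not apply) the iptables rules a Linux firewall needs so that
# an IPsec peer behind it can bring up a site-to-site tunnel.

# ipsec_rules PEER_IP LOCAL_IP NAT_T
#   PEER_IP and LOCAL_IP are placeholders for the two tunnel endpoints.
#   NAT_T is "yes" when a NAT sits between the peers (adds 4500/udp).
#   The FORWARD chain is an assumption: the VPN endpoint (the ASA) sits
#   behind the Linux box, so the traffic is forwarded, not terminated.
ipsec_rules() {
    peer="$1"; local_ip="$2"; nat_t="$3"
    for dir in "-s $peer -d $local_ip" "-s $local_ip -d $peer"; do
        # IKE (ISAKMP) negotiation, both peers use port 500
        printf 'iptables -A FORWARD %s -p udp --dport 500 -j ACCEPT\n' "$dir"
        # ESP is IP protocol 50: matched with -p esp, never with a port rule
        printf 'iptables -A FORWARD %s -p esp -j ACCEPT\n' "$dir"
        # (an AH tunnel would need "-p ah" the same way; AH is protocol 51)
        if [ "$nat_t" = "yes" ]; then
            # NAT traversal: IKE and ESP are wrapped in UDP port 4500
            printf 'iptables -A FORWARD %s -p udp --dport 4500 -j ACCEPT\n' "$dir"
        fi
    done
}

# ipsec_allows PROTO DPORT
#   Models the allow-list above for one packet. PROTO is the IP protocol
#   number; DPORT is the UDP destination port, or "-" for non-UDP packets.
#   Returns 0 when the packet would be accepted, 1 otherwise.
ipsec_allows() {
    proto="$1"; dport="$2"
    case "$proto" in
        50) return 0 ;;                               # ESP, regardless of "port"
        17) case "$dport" in 500|4500) return 0 ;; esac ;;  # IKE / NAT-T
    esac
    return 1
}

# Usage: print the rule set for a NAT-T tunnel between two constructed
# documentation addresses, then classify a few constructed packets.
ipsec_rules 203.0.113.1 198.51.100.1 yes
ipsec_allows 50 - && echo "ESP packet: allowed"
ipsec_allows 17 50 || echo "UDP to port 50: NOT allowed (50 is a protocol, not a port)"
```

Running the script prints six rules (three per direction) for the NAT-T case and four without it; the classifier lines at the end reproduce the mismatch the asker hit, an ESP packet is admitted only by the protocol rule, while a UDP rule for "port 50" admits nothing useful.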