
XP/2000 setup with Cisco VPN 3.5.4 through a client firewall.

wayne.willis
Level 1

Hello

I have several remote sites using either XP or Win2000. Each site has a firewall router set up. They will be connecting to a PIX506. What ports do I need to open in the client's firewall so that the Cisco VPN can connect to my main site? I will be using Client Access Express through the VPN. What ports, if any, does Client Access need open? All suggestions welcome.

Thank You

3 Replies

Nairi Adamian
Cisco Employee

For the ipsec tunnel to go through a firewall you need to allow the following:

UDP port 500 (ISAKMP)

ESP or AH protocols, depending on which one you are using

Hope this helps,

-Nairi

I have already opened port 500. I have a VPN connection but cannot ping any device on the other side, which I can do if I am not going through a firewall.

Thanks

Wayne

The previous post was entirely correct in that you need to have port 500 open for IKE/ISAKMP exchange. Recommend that you also open protocols 50 and 51 for ESP and AH. Having opened these protocols and ports, you'll need to configure your 506 to allow the incoming sessions only the access they require.
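
An added example, not part of any post in this thread: a small Python check of a client-side rule set against the flows named in the replies (UDP port 500 for IKE/ISAKMP, IP protocol 50 for ESP, IP protocol 51 for AH). The rule model, the first-match/implicit-deny behaviour and the sample rule sets are assumptions constructed for illustration, not the configuration of any device mentioned above.

```python
# Added example: constructed rule sets, not taken from any device in the thread.
from dataclasses import dataclass
from typing import Optional

# IP protocol numbers (IANA). ESP and AH are IP protocols, not TCP/UDP ports.
PROTO = {"tcp": 6, "udp": 17, "esp": 50, "ah": 51}

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: int                    # IP protocol number
    dport: Optional[int] = None   # destination port; None = any / not applicable

@dataclass(frozen=True)
class Flow:
    name: str
    proto: int
    dport: Optional[int] = None

# The flows named in the replies above.
REQUIRED = [
    Flow("IKE/ISAKMP", PROTO["udp"], 500),
    Flow("ESP", PROTO["esp"]),
    Flow("AH", PROTO["ah"]),
]

def allowed(rules, flow):
    """First matching rule wins; no match means implicit deny (assumed model)."""
    for r in rules:
        if r.proto != flow.proto:
            continue
        if r.dport is not None and r.dport != flow.dport:
            continue
        return r.action == "permit"
    return False

def audit(rules):
    """Return {flow name: bool} for each required IPsec flow."""
    return {f.name: allowed(rules, f) for f in REQUIRED}

# Constructed rule sets (hypothetical).
IKE_ONLY = [Rule("permit", PROTO["udp"], 500)]
PORT_CONFUSION = IKE_ONLY + [Rule("permit", PROTO["udp"], 50),
                             Rule("permit", PROTO["tcp"], 51)]
COMPLETE = IKE_ONLY + [Rule("permit", PROTO["esp"]), Rule("permit", PROTO["ah"])]

if __name__ == "__main__":
    for label, rs in [("ike-only", IKE_ONLY), ("port-confusion", PORT_CONFUSION),
                      ("complete", COMPLETE)]:
        print(label, audit(rs))
```

With the IKE-only set the key exchange is permitted but ESP and AH are not, and permitting port 50 or 51 under UDP or TCP does not change that, because ESP and AH are matched by IP protocol number rather than by port.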