10-14-2002 11:06 AM - edited 02-21-2020 12:07 PM
Hello
I have several remote sites using either XP or Win2000. Each site has a firewall router setup. They will be connecting to a PIX506. What ports do I need to open in the client's firewall so that the Cisco VPN can connect to my main site? I will be using Client Access Express through the VPN. What ports, if any, does Client Access need open? All suggestions welcome.
Thank You
10-15-2002 02:01 AM
For the ipsec tunnel to go through a firewall you need to allow the following:
udp port 500 (isakmp)
esp or ah protocols depending on which one you are using
hope this helps,
-Nairi
10-17-2002 07:19 AM
I have already opened port 500. I have a VPN connection but cannot ping any device on the other side, which I can do if I am not going through a firewall.
Thanks
Wayne
10-17-2002 10:55 AM
The previous post was entirely correct in that you need to have port 500 open for IKE/ISAKMP exchange. Recommend that you also open protocols 50 and 51 for ESP and AH. Having opened these protocols and ports, you'll need to configure your 506 to allow the incoming sessions only the access they require.
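An added example, not part of any post in this thread: a small first-match rule audit that checks a packet-filter rule list for the three items the replies name (UDP port 500, IP protocol 50, IP protocol 51). The rule format, the `Rule` class and all three sample rule sets are constructed for illustration and do not model any particular firewall's syntax.

```python
from dataclasses import dataclass
from typing import Optional

# IANA IP protocol numbers. ESP and AH are protocols, not UDP/TCP ports.
UDP, ESP, AH = 17, 50, 51

# Traffic named in the replies: IKE/ISAKMP on UDP 500, plus ESP and AH.
REQUIRED = {
    "isakmp (udp/500)": (UDP, 500),
    "esp (protocol 50)": (ESP, None),
    "ah (protocol 51)": (AH, None),
}

@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    proto: Optional[int]        # IP protocol number; None matches any protocol
    port: Optional[int] = None  # destination port; None matches any port

def matches(rule, proto, port):
    if rule.proto is not None and rule.proto != proto:
        return False
    # ESP/AH packets carry no port, so a port-specific rule never matches them.
    if rule.port is not None and rule.port != port:
        return False
    return True

def decide(rules, proto, port):
    """First matching rule wins; falling off the end is an implicit deny."""
    for rule in rules:
        if matches(rule, proto, port):
            return rule.action
    return "deny"

def audit(rules):
    """Return the permit/deny decision for each required kind of traffic."""
    return {name: decide(rules, p, port) for name, (p, port) in REQUIRED.items()}

# Constructed: only port 500 opened, as described in the 10-17-2002 07:19 AM post.
PORT_500_ONLY = [Rule("permit", UDP, 500)]
# Constructed: a common slip, opening UDP *ports* 50 and 51 instead of protocols.
PORTS_50_51 = PORT_500_ONLY + [Rule("permit", UDP, 50), Rule("permit", UDP, 51)]
# Constructed: protocols 50 and 51 opened, as the last reply recommends.
WITH_ESP_AH = PORT_500_ONLY + [Rule("permit", ESP), Rule("permit", AH)]

if __name__ == "__main__":
    for label, rules in [("port 500 only", PORT_500_ONLY),
                         ("udp ports 50/51", PORTS_50_51),
                         ("protocols 50/51", WITH_ESP_AH)]:
        print(f"{label:16} {audit(rules)}")
```

In the first two rule sets IKE is permitted while ESP and AH fall through to the implicit deny; only the third permits all three.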