IPSEC

Unanswered Question
Sep 4th, 2007

In order to establish an IPsec session between a Cisco VPN client and a PIX, what are the protocols which should be allowed on a router sitting in between them? Due to an access list on the router, my client is not able to establish IPsec with the PIX.

srue Tue, 09/04/2007 - 09:05

udp port 500

ip protocols 50 (esp) and optionally 51 (ah)

in ios:

access-list 101 permit esp any any

access-list 101 permit udp any any eq isakmp
! "isakmp" is the IOS keyword for UDP port 500

this doesn't include any nat-t, ipsec over tcp, or ipsec over udp ports.

kabisurya Tue, 09/04/2007 - 21:40

Mr. Gupta,

Cisco VPN client encapsulates packets in TCP/UDP depending on the option you have selected in the VPN client. On the router in between the firewall and the VPN client, ISAKMP and TCP (typically 10000, configurable) or UDP (typically 4500, configurable to any port in case of ASA) should be allowed in both directions.

kabi
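The following IOS configuration is an added example, not posted by either respondent and not taken from any Cisco document. It combines both answers above into a named extended ACL that permits IKE (UDP 500), ESP, AH, NAT-T (UDP 4500) and IPsec over TCP (10000) in both directions on the transit router. The client subnet 192.0.2.0/24, the PIX outside address 198.51.100.1 and the interface names are assumed placeholders and must be replaced with real values.

```cisco
! Added example (not from the original thread): ACLs on the transit router
! between a Cisco VPN client and a PIX. Addresses and interfaces are assumed.
!
! Client side: 192.0.2.0/24 (assumed)    PIX outside: 198.51.100.1 (assumed)

! Client -> PIX direction
ip access-list extended VPN-TO-PIX
 remark IKE / ISAKMP negotiation (isakmp = UDP 500)
 permit udp 192.0.2.0 0.0.0.255 host 198.51.100.1 eq isakmp
 remark ESP (IP protocol 50); ahp is AH (IP protocol 51), only if AH is used
 permit esp 192.0.2.0 0.0.0.255 host 198.51.100.1
 permit ahp 192.0.2.0 0.0.0.255 host 198.51.100.1
 remark NAT-T when the client sits behind NAT (non500-isakmp = UDP 4500)
 permit udp 192.0.2.0 0.0.0.255 host 198.51.100.1 eq non500-isakmp
 remark IPsec over TCP if enabled in the client (default port 10000)
 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.1 eq 10000
 remark everything else from the client subnet is dropped and logged
 deny ip any any log

! PIX -> client return direction (ESP and AH carry no ports; UDP and TCP
! replies come back from the same server-side port)
ip access-list extended PIX-TO-VPN
 permit udp host 198.51.100.1 eq isakmp 192.0.2.0 0.0.0.255 eq isakmp
 permit esp host 198.51.100.1 192.0.2.0 0.0.0.255
 permit ahp host 198.51.100.1 192.0.2.0 0.0.0.255
 permit udp host 198.51.100.1 eq non500-isakmp 192.0.2.0 0.0.0.255
 permit tcp host 198.51.100.1 eq 10000 192.0.2.0 0.0.0.255
 deny ip any any log

! Apply inbound on the interface facing each side (interface names assumed)
interface GigabitEthernet0/0
 description Client side (assumed)
 ip access-group VPN-TO-PIX in
!
interface GigabitEthernet0/1
 description PIX side (assumed)
 ip access-group PIX-TO-VPN in
```

To confirm the tunnel traffic is actually matching the intended entries rather than the final deny, watch the hit counters with `show access-lists VPN-TO-PIX` while the client connects: the `isakmp` line should count first, followed by `esp` (or `non500-isakmp` / `tcp eq 10000` when the client uses NAT-T or TCP encapsulation). A growing count on the `deny ip any any log` line, together with the logged source port, tells you which encapsulation the client is using and which entry is still missing.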
