Sep 4th, 2007

In order to establish an IPsec session between the Cisco VPN client and a PIX, which protocols should be allowed on a router sitting in between them? Due to an access list on the router, my client is not able to establish IPsec with the PIX.

srue Tue, 09/04/2007 - 09:05

udp port 500

ip protocols 50 (esp) and optionally 51 (ah)

in ios:

access-list 101 permit esp any any

access-list 101 permit udp any any eq 500/isakmp

this doesn't include any nat-t, ipsec over tcp, or ipsec over udp ports.

kabisurya Tue, 09/04/2007 - 21:40

Mr. Gupta,

The Cisco VPN client encapsulates packets in TCP or UDP depending on the option you have selected in the VPN client. On the router between the firewall and the VPN client, ISAKMP and TCP (typically 10000, configurable) or UDP (typically 4500, configurable to any port in the case of the ASA) should be allowed in both directions.

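As an added worked example (not code from this thread, from Cisco, or from either poster), the following Python builds a few constructed IPv4 packets of the kinds the two replies above mention (IKE on UDP/500, plain ESP, IKE and ESP over NAT-T on UDP/4500, and IPsec over TCP on the default port 10000), classifies each one from its headers, and runs them through a simplified model of an IOS extended access list (entries tried in order, first match wins, implicit deny at the end). It shows which packets the two-line list from the first reply would drop and which the extended list lets through. Addresses come from the documentation ranges, checksums are left at zero, and the packet contents are constructed rather than captured; IPsec over UDP on a custom port is not modelled.

```python
"""Classify IPsec-related packets and run them through a simplified IOS-style
extended ACL, to see which entries a Cisco VPN client session needs.

Added example for this thread, not Cisco code or a thread participant's code.
Packets are constructed inline (not captured); the ACL model (first match wins,
implicit deny) and the default ports follow the replies above."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IP_PROTO_TCP, IP_PROTO_UDP, IP_PROTO_ESP, IP_PROTO_AH = 6, 17, 50, 51
ISAKMP_PORT, NAT_T_PORT, IPSEC_OVER_TCP_PORT = 500, 4500, 10000  # 10000 = Cisco default
PROTO_NUM = {"esp": IP_PROTO_ESP, "ah": IP_PROTO_AH, "udp": IP_PROTO_UDP, "tcp": IP_PROTO_TCP}


@dataclass(frozen=True)
class Pkt:
    proto: int
    sport: Optional[int]
    dport: Optional[int]
    kind: str  # label assigned by classify()


def classify(proto: int, sport: Optional[int], dport: Optional[int], l4: bytes) -> str:
    """Name the IPsec traffic type from protocol, ports and the start of the L4 data."""
    if proto == IP_PROTO_ESP:
        return "esp"
    if proto == IP_PROTO_AH:
        return "ah"
    if proto == IP_PROTO_UDP:
        if ISAKMP_PORT in (sport, dport):
            return "isakmp"
        if NAT_T_PORT in (sport, dport):
            udp_data = l4[8:]
            # RFC 3948: IKE on UDP/4500 starts with a 4-byte zero "non-ESP marker";
            # UDP-encapsulated ESP starts with the SPI, which is never 0.
            if udp_data[:4] == b"\x00\x00\x00\x00":
                return "isakmp-natt"
            return "esp-natt"
    if proto == IP_PROTO_TCP and IPSEC_OVER_TCP_PORT in (sport, dport):
        return "ipsec-over-tcp"
    return "other"


def parse_ipv4(raw: bytes) -> Pkt:
    """Parse an IPv4 header and, for TCP/UDP, the port pair that follows it."""
    if raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    l4 = raw[ihl:]
    sport = dport = None
    if proto in (IP_PROTO_TCP, IP_PROTO_UDP):
        sport, dport = struct.unpack("!HH", l4[:4])
    return Pkt(proto, sport, dport, classify(proto, sport, dport, l4))


@dataclass(frozen=True)
class Ace:
    """One entry: 'permit udp any any eq 500' becomes Ace('permit', 'udp', 500)."""
    action: str
    proto: str                   # "ip", "esp", "ah", "udp" or "tcp"
    dport: Optional[int] = None  # destination port for 'eq' (TCP/UDP only)


def acl_lookup(acl: List[Ace], pkt: Pkt) -> str:
    """IOS semantics: entries tried in order, first match wins, implicit deny at the end."""
    for ace in acl:
        if ace.proto != "ip" and PROTO_NUM[ace.proto] != pkt.proto:
            continue
        if ace.dport is not None and pkt.dport != ace.dport:
            continue
        return ace.action
    return "deny"


# --- constructed sample packets (checksums left zero; not captured frames) ---
def _ipv4(proto: int, payload: bytes) -> bytes:
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])  # client -> PIX
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                       64, proto, 0, src, dst) + payload


def _udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def _tcp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + data


ISAKMP_HDR = b"\x11" * 28                    # stand-in for a 28-byte ISAKMP header
ESP_HDR = struct.pack("!II", 0x0001ABCD, 1)  # SPI, sequence number
SAMPLE_PACKETS: Dict[str, bytes] = {
    "ike main mode":  _ipv4(IP_PROTO_UDP, _udp(500, 500, ISAKMP_HDR)),
    "esp data":       _ipv4(IP_PROTO_ESP, ESP_HDR + b"\xaa" * 32),
    "ike over nat-t": _ipv4(IP_PROTO_UDP, _udp(4500, 4500, b"\x00" * 4 + ISAKMP_HDR)),
    "esp over nat-t": _ipv4(IP_PROTO_UDP, _udp(4500, 4500, ESP_HDR + b"\xaa" * 32)),
    "ipsec over tcp": _ipv4(IP_PROTO_TCP, _tcp(49152, 10000, ISAKMP_HDR)),
}

# The two-line list from the first reply, and the same list extended per its caveat.
ACL_MINIMAL = [Ace("permit", "esp"), Ace("permit", "udp", ISAKMP_PORT)]
ACL_FULL = ACL_MINIMAL + [Ace("permit", "ah"), Ace("permit", "udp", NAT_T_PORT),
                          Ace("permit", "tcp", IPSEC_OVER_TCP_PORT)]


def evaluate(acl: List[Ace], packets: Dict[str, bytes]) -> Dict[str, Tuple[str, str]]:
    """Return {packet name: (traffic type, permit/deny)} for each sample packet."""
    return {name: (p.kind, acl_lookup(acl, p))
            for name, p in ((n, parse_ipv4(raw)) for n, raw in packets.items())}


if __name__ == "__main__":
    for label, acl in (("minimal", ACL_MINIMAL), ("full", ACL_FULL)):
        print(f"--- ACL {label} ---")
        for name, (kind, verdict) in evaluate(acl, SAMPLE_PACKETS).items():
            print(f"{name:16s} {kind:16s} {verdict}")
```

Running it shows the minimal list permitting only the IKE/500 and plain ESP packets while the NAT-T and IPsec-over-TCP packets hit the implicit deny, which is the failure described in the question whenever the client has NAT-T or TCP encapsulation enabled. The model matches `eq` on the destination port only, as IOS does for `permit udp any any eq 500`; because an IOS extended ACL is stateless, a list applied in the PIX-to-client direction has to match the return traffic as well. IKE and NAT-T use 500 and 4500 at both ends, so the same entries match the replies, but replies on IPsec over TCP carry source port 10000 and an ephemeral destination port, so that direction needs a source-port match such as `access-list 101 permit tcp any eq 10000 any`.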