Required Ports?

Unanswered Question
Mar 31st, 2008

I have the following ports required, but when I enabled NAT-T on the client side (I think the server is ON by default), it can't connect (no prompt for username); it just hangs and times out.

protocol 50 and 51

udp 500

udp 4500

Do I need more?

Again, it connects fine with NAT-T disabled, and it's a no-go with NAT-T enabled.

husycisco Mon, 03/31/2008 - 07:51

Hi dae,

"I think server is ON by default"

I assume you are trying to establish a VPN connection to a Cisco device, correct? Then you should issue the following command to enable NAT-T on the device:

crypto isakmp nat-traversal 20


dkim777oig Mon, 03/31/2008 - 08:02

Sorry, I meant to ask what the required ports are.

Do I need any other ports other than what I've said in the first post?


husycisco Mon, 03/31/2008 - 08:23

4500 and 500 are enough for NAT-T over UDP. For NAT-T over TCP, you also need TCP port 10000.

dkim777oig Mon, 03/31/2008 - 10:24

On the PIX ASDM setting, it doesn't differentiate UDP or TCP NAT-T.

Which one have I enabled?

husycisco Tue, 04/01/2008 - 07:32


I can't remember the exact screen in ASDM, but to enable it, you type the following in the CLI:

crypto isakmp nat-traversal 20

This enables NAT-T, and it uses UDP by default. To use TCP, you need the following command:

isakmp ipsec-over-tcp port 10000

