Cisco VPN Client service ports that are needed

Jul 16th, 2008

Hi Experts,


I would like to check what ports are needed to establish a complete VPN and also to complete the connection to the GFTP Server.


What happened is, the VPN connection is able to establish, as the corporate firewall has opened 500/udp for this VPN connection, but when trying to connect to the GFTP Server using port 21/tcp or 22/tcp, it is not able to go through.


Can I know what other service ports are needed?


Thanks in advance.

cindy



Daniel Voicu Wed, 07/16/2008 - 23:32

Hi Cindy,


The UDP 500 (ISAKMP) port is used only for the first phase of the VPN tunnel.


Depending on your configuration, you also need to open UDP 4500 (NAT-T port used for data traffic behind NAT systems), UDP 10000 (old NAT-T port sometimes used by Cisco) and IP protocol 50 (raw ESP packets when no NAT-T is negotiated).


This will do.


Please rate if this helped.


Regards,

Daniel

cindylee27 Wed, 07/16/2008 - 23:34

Thanks Daniel.

What type of configuration are you referring to here?


Thanks again,

cindy


Daniel Voicu Thu, 07/17/2008 - 05:24

Hi Cindy,


The access list will need to allow the VPN traffic over the Internet on ports UDP 500, 10000, 4500 and IP 50.


On your internal network, behind the VPN box, you need to enable the application ports: TCP 22, TCP 21, TCP 20 and so on.


Please rate if this helped.


Regards,

Daniel
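
The port list in the reply above can be checked against a rule set. This Python sketch is an added example, not part of any post in the thread: it audits a simplified IOS-style ACL for the four flows Daniel names. It assumes first-match-wins evaluation with an implicit deny, ignores addresses, and treats `eq`/`range` as destination-port qualifiers; the ACL text and the address 203.0.113.10 are constructed.

```python
# Added example: audit a simplified IOS-style ACL for the flows named in the thread.
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}    # IOS port keywords

REQUIRED = [                        # (label, protocol, destination port)
    ("IKE phase 1 (ISAKMP)", "udp", 500),
    ("NAT-T", "udp", 4500),
    ("legacy Cisco NAT-T", "udp", 10000),
    ("ESP, IP protocol 50", "esp", None),
]

def parse_ace(line):
    """Return (action, proto, low, high) for one entry; addresses are ignored."""
    tok = line.split()
    action, proto = tok[0], ("esp" if tok[1] == "50" else tok[1])
    low, high = 0, 65535            # no port qualifier means every port
    num = lambda t: PORT_NAMES.get(t) or int(t)
    last = lambda kw: len(tok) - 1 - tok[::-1].index(kw)   # last occurrence
    if "eq" in tok:
        low = high = num(tok[last("eq") + 1])
    elif "range" in tok:
        i = last("range")
        low, high = num(tok[i + 1]), num(tok[i + 2])
    return action, proto, low, high

def audit(acl_text):
    """Map each required flow to 'permit' or 'deny', first match wins."""
    aces = [parse_ace(l) for l in acl_text.splitlines() if l.strip()]
    result = {}
    for label, proto, port in REQUIRED:
        verdict = "deny"            # implicit deny at the end of the ACL
        for action, p, low, high in aces:
            if p == "ip" or (p == proto and (port is None or low <= port <= high)):
                verdict = action
                break
        result[label] = verdict
    return result

# Constructed ACLs; 203.0.113.10 stands in for the VPN gateway.
ONLY_IKE = "permit udp any host 203.0.113.10 eq isakmp"
FULL = """permit udp any host 203.0.113.10 eq 500
permit udp any host 203.0.113.10 eq 4500
permit udp any host 203.0.113.10 eq 10000
permit esp any host 203.0.113.10"""

if __name__ == "__main__":
    for name, acl in (("only 500/udp", ONLY_IKE), ("full list", FULL)):
        print(name, audit(acl))
```

With only 500/udp permitted, the audit reports the NAT-T and ESP flows as denied, which is the rule set described in the original question.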

cindylee27 Thu, 07/17/2008 - 18:32

Daniel,


Thanks. What I don't understand is why the firewall can still detect port 4500/tcp even though the VPN tunnel has been established?


Thanks,

Regards,

cindy


Daniel Voicu Thu, 07/17/2008 - 23:33

Hi Cindy,


It is possible that the VPN box is configured for NAT-T over TCP.


You can also open TCP 4500 on the firewalls.


Please rate if this helped.


Regards,

Daniel

a.alekseev Thu, 07/17/2008 - 03:50

Do you have access to any other Servers through the VPN connection?
