Site-to-site VPN help

Aug 12th, 2008

I'm trying to build a site-to-site VPN using two 5520s. The two ASAs are sitting behind edge Cisco routers. To allow the ASAs to have a site-to-site VPN, what ports do I have to allow on the router to pass VPN traffic? I have to allow the remote FW IP to connect to the local FW IP. Ports 50, 51 and 500?


Thanks.

Daniel Voicu Tue, 08/12/2008 - 09:38

Yes, you got them all: IP ports 50 and 51 and UDP port 500. Also leave the ICMP ports open between the IPs for Path MTU Discovery.


Please rate if this helped.


Regards,

Daniel

acomiskey Tue, 08/12/2008 - 10:02

Careful not to get mixed up between ports 50 and 51 and IP protocols 50 and 51. You need IP protocol 50 (ESP) and UDP port 500.

peterhkim Tue, 08/12/2008 - 10:12

So, I need an access-list set up on the router to allow UDP port 500 and IP protocol 50.


Did I get this right?


Thanks.

Correct Answer
acomiskey Tue, 08/12/2008 - 10:42

Yes.
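
For readers following the thread: the router access-list the answers describe, written out as an added example that is not part of the original discussion. The addresses are RFC 5737 documentation addresses standing in for the two ASA outside interfaces, and the interface name and ACL name are assumed. It also goes slightly beyond the thread: UDP 4500 (NAT-T) is only needed if a NAT device sits between the two ASAs, and AH (IP protocol 51) only if you actually configure AH, which ASA site-to-site tunnels normally do not.

```cisco
! Edge router in front of the LOCAL ASA. Constructed example addresses:
!   203.0.113.2  = remote ASA outside interface (assumed)
!   198.51.100.2 = local ASA outside interface (assumed)
! ESP is IP protocol 50, not a port: "permit udp ... eq 50" would be wrong
! and the tunnel would negotiate (IKE works) but never pass data.
ip access-list extended OUTSIDE-IN
 remark --- IKE/ISAKMP: UDP 500 (the isakmp keyword is port 500)
 permit udp host 203.0.113.2 host 198.51.100.2 eq isakmp
 remark --- IPsec ESP: IP protocol 50
 permit esp host 203.0.113.2 host 198.51.100.2
 remark --- Only if a NAT device sits between the ASAs (NAT-T, UDP 4500)
 permit udp host 203.0.113.2 host 198.51.100.2 eq non500-isakmp
 remark --- Only if AH is configured (IP protocol 51); usually not needed
 permit ahp host 203.0.113.2 host 198.51.100.2
 remark --- ICMP for Path MTU Discovery (type 3 code 4, fragmentation needed)
 permit icmp host 203.0.113.2 host 198.51.100.2 packet-too-big
 remark --- the router's existing rules for other traffic continue below
!
interface GigabitEthernet0/0
 description Internet-facing interface (assumed name)
 ip access-group OUTSIDE-IN in
```

The remote edge router gets the mirror image with source and destination swapped, and if either router also filters outbound traffic the same permits are needed in that direction as well. To check it, bring the tunnel up with interesting traffic and look at `show access-list OUTSIDE-IN` on the router: the isakmp line should show matches first, then the esp line; matches on isakmp but none on esp is the classic symptom of having opened port 50 instead of protocol 50.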
