site to site vpn help

Answered Question
Aug 12th, 2008

I'm trying to build a site-to-site VPN using two 5520s. The two ASAs are sitting behind edge Cisco routers. To allow the ASAs to have a site-to-site VPN, what ports do I have to allow on the router to pass VPN traffic? I have to allow the remote FW IP to connect to the local FW IP. Ports 50, 51 and 500?


Correct Answer by acomiskey about 8 years 5 months ago


Daniel Voicu Tue, 08/12/2008 - 09:38

Yes, you got them all: IP ports 50 and 51 and UDP port 500. Also leave the ICMP ports open between the IPs for Path MTU Discovery.

Please rate if this helped.



acomiskey Tue, 08/12/2008 - 10:02

Careful not to get mixed up by ports 50 and 51 and IP protocols 50 and 51. You need IP protocol 50 (ESP) and UDP port 500.
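
The protocol-versus-port distinction in the reply above, as an added example that is not part of the original thread: it builds constructed IPv4 packets and checks them against a port-based rule set and a protocol-based one. The function names, rule format and first-match/implicit-deny model are assumptions made for illustration, not router syntax.

```python
import struct

# IANA-assigned IP protocol numbers (the "Protocol" byte of the IPv4 header).
PROTO_NAMES = {6: "tcp", 17: "udp", 50: "esp", 51: "ah"}

def ipv4_packet(proto, payload=b""):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload.
    Addresses are constructed documentation addresses (RFC 5737)."""
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                         0, 0, 64, proto, 0, src, dst)
    return header + payload

def udp_segment(sport, dport, data=b""):
    """UDP header (checksum left at 0) plus data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def parse(packet):
    """Return (protocol_name, dest_port). Only TCP and UDP carry ports."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]                     # Protocol field, byte offset 9
    name = PROTO_NAMES.get(proto, str(proto))
    dport = None
    if proto in (6, 17) and len(packet) >= ihl + 4:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return name, dport

def permitted(packet, rules):
    """First-match evaluation of (protocol, dest_port or None) permit rules,
    with an implicit deny when nothing matches (hypothetical model)."""
    name, dport = parse(packet)
    for rule_proto, rule_port in rules:
        if rule_proto == name and (rule_port is None or rule_port == dport):
            return True
    return False

# Constructed sample traffic: an IKE datagram and an ESP packet (SPI, sequence, filler).
IKE = ipv4_packet(17, udp_segment(500, 500))
ESP = ipv4_packet(50, struct.pack("!II", 0x1000, 1) + b"\x00" * 16)

# Reading 50 and 51 as ports: ESP has no port field, so nothing here matches it.
BY_PORT = [("udp", 50), ("udp", 51), ("udp", 500)]
# Reading 50 as an IP protocol number, plus UDP port 500.
BY_PROTOCOL = [("esp", None), ("udp", 500)]

if __name__ == "__main__":
    for label, rules in (("by port", BY_PORT), ("by protocol", BY_PROTOCOL)):
        print(label, "IKE:", permitted(IKE, rules), "ESP:", permitted(ESP, rules))
```
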

peterhkim Tue, 08/12/2008 - 10:12

So, I need an access list set up on the router to allow UDP port 500 and IP protocol 50.

Did I get this right?


