What Ports/Protocols to map through NAT for VPN Concentrator?

Unanswered Question
Sep 3rd, 2008
User Badges:

I have a VPN concentrator behind a NAT router (model 2621XM). The VPN concentrator is at the edge of my lab network. While travelling, I want to be able to use a VPN Client on a Windows box to traverse my NAT router and connect to my VPN concentrator so that I can then access my lab network remotely. I now that I need to create a static NAT translation in my IOS router. What ports/protocols do I need to statically map?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marwan ALshawi Wed, 09/03/2008 - 20:54
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

esp, udp 500 or isakmp, udp 4500

good luck

if helpful Rate

jeffrey.girard Tue, 09/09/2008 - 16:25
User Badges:

OK, I statically mapped through my NAT esp, udp 500 and udp 4500. Still nothing. The VPN client attemps to connect and then reports Reason 412: The remote peer is no longer responding.

I have attached the config from my NAT router and the log from the VPN client as well as the output as debug IP nat as I ran a connection attempt. I have set the VPN client to: Enable Transparent Tunneling and using IPSec over UDP (NAT/PAT). I have checked the log of the VPN concentrator and it does not appear that any connection attempt is being made - hence I dont think that I am making it through the NAT correctly.


singhsaju Thu, 09/04/2008 - 05:45
User Badges:
  • Silver, 250 points or more


Note: that you will need one single dedicated ip for esp as it has no ports .




This Discussion