VPN appliance in DMZ

Sep 26th, 2008

I have an ASA5510 firewall and in my DMZ I have another ASA to terminate VPNs. What ports would I need to allow through the Internet firewall to the ASA in the DMZ to allow site-to-site VPN? Thanks!

cisco24x7 Fri, 09/26/2008 - 09:19

udp 500 and ESP proto 50

oszkari Fri, 09/26/2008 - 22:36

If NAT is used somewhere between the two IPsec endpoints, you have to allow UDP 4500 too.
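
The two replies above, written out as an inbound ACL on the Internet-facing ASA. This is an added example, not configuration posted in the thread; the addresses are documentation-range placeholders, and the ACL name, the interface name and the fixed remote peer address are assumptions.

```cisco
! Added example, not from the thread. Constructed values:
!   192.0.2.10    = DMZ VPN ASA as referenced by the Internet firewall's outside ACL
!   198.51.100.10 = remote site-to-site peer (assumed to have a fixed address)
!   OUTSIDE_IN / outside = assumed ACL and interface names

! IKE (ISAKMP) negotiation, UDP 500
access-list OUTSIDE_IN extended permit udp host 198.51.100.10 host 192.0.2.10 eq isakmp
! ESP, IP protocol 50: carries the tunnel traffic when no NAT is in the path
access-list OUTSIDE_IN extended permit esp host 198.51.100.10 host 192.0.2.10
! NAT-T, UDP 4500: only needed if NAT sits between the two IPsec endpoints
access-list OUTSIDE_IN extended permit udp host 198.51.100.10 host 192.0.2.10 eq 4500

! Apply the ACL to traffic arriving on the Internet-facing interface
access-group OUTSIDE_IN in interface outside
```

Limiting the source to the known peer, rather than `any`, keeps the DMZ ASA's IKE listener from being reachable by the whole Internet. If the DMZ ASA is statically translated, whether the ACL references its translated or its real address depends on the ASA software version.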
