IOS Firewall with EasyVPN - What ports need to be opened?

Unanswered Question
Oct 8th, 2008

I cannot establish a VPN connection from my VPN client while outside, but can from inside. I assume I need to open a port on my IOS firewall, but I am not sure which one. I opened isakmp but that didn't help.

This is a 2801 with 12.4(15)T. Any suggestions? The config is attached. Thanks!

ajagadee Wed, 10/08/2008 - 15:59

Robert,

I hope the below information is useful.

ISAKMP - UDP 500

ESP - Protocol 50

NAT-T - UDP 4500

IPSEC Over UDP - UDP 10000 (Default)

IPSEC Over TCP - TCP 10000 (Default)

Regards,

Arul

** Please rate all helpful posts **

Marwan ALshawi Wed, 10/08/2008 - 16:07

Hi Arul,

I am wondering about the ports to be opened.

As long as this device is the VPN termination device, it doesn't need to open the VPN port unless the device is doing passthrough. Am I right in this?

ajagadee Thu, 10/09/2008 - 10:10

From what I understood of the initial question, there is an IOS Firewall before the VPN device that is blocking traffic, and ports need to be opened for IPSEC.

Regards,

Arul

Marwan ALshawi Wed, 10/08/2008 - 16:05

Do the following change:

interface Virtual-Template2 type tunnel

interface FastEthernet0/1

After you get connected you will have a problem: the VPN client will connect and get an IP from the pool but cannot communicate with inside hosts!

That is because you need to exempt the traffic going from the inside network to the VPN pool from NATing.

You can do it in your NAT ACL: make the first line a deny with source your LAN and destination the VPN pool. I would also suggest using IP addressing for your VPN pool that is different from the LAN range, to avoid any subnetting issues.

good luck

if helpful Rate
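
Added example, not part of any post in this thread and not taken from the attached config: a sketch of IOS configuration that combines the ports listed in the first reply with the NAT exemption described in the last one. The ACL names, the interface roles, and all addresses (203.0.113.1 as the router's outside address, 192.168.1.0/24 as the LAN, 10.10.10.0/24 as the VPN pool) are assumptions to be replaced with the real values.

```cisco
! --- Inbound ACL on the outside interface (name OUTSIDE-IN is assumed) ---
! Permit only the IPsec control and data traffic addressed to the router itself.
ip access-list extended OUTSIDE-IN
 remark ISAKMP / IKE (UDP 500)
 permit udp any host 203.0.113.1 eq isakmp
 remark NAT-T (UDP 4500), needed when the client sits behind NAT
 permit udp any host 203.0.113.1 eq non500-isakmp
 remark ESP (IP protocol 50), used when no NAT is in the path
 permit esp any host 203.0.113.1
 remark Everything else stays denied and logged for review
 deny ip any any log
!
! --- NAT ACL (name NAT-ACL is assumed) ---
! The first line exempts LAN-to-VPN-pool traffic from NAT, so replies to
! connected clients keep their real source address and match the tunnel.
ip access-list extended NAT-ACL
 deny ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
! --- Apply both (FastEthernet0/0 as the outside interface is assumed) ---
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
 ip nat outside
!
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
```

After a client connects, `show access-lists OUTSIDE-IN` and `show ip nat translations` show whether the permit lines are being hit and whether traffic to the pool is still being translated.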
