IOS Firewall with EasyVPN - What ports need to be opened?

robert-knapp
Level 1

I cannot establish a VPN connection from my VPN client while outside, but can from inside. I assume I need to open a port on my IOS firewall but I am not sure which one. I opened isakmp but that didn't help.

This is a 2801 with 12.4(15)t. Any suggestions? The config is attached. Thanks!

ajagadee
Cisco Employee

Robert,

I hope the below information is useful.

ISAKMP - UDP 500

ESP - Protocol 50

NAT-T - UDP 4500

IPSEC Over UDP - UDP 10000 (Default)

IPSEC Over TCP - TCP 10000 (Default)

Regards,

Arul

** Please rate all helpful posts **

Hi Arul,

I am wondering about the port to be opened.

As long as this device is the VPN termination device, it doesn't need to open the VPN port unless the device is doing passthrough. Am I right in this?

From what I understood from the initial question, there is an IOS Firewall before the VPN device that is blocking traffic, and ports need to be opened for IPsec.

Regards,

Arul

Marwan ALshawi
VIP Alumni

Do the following change:

interface Virtual-Template2 type tunnel

interface FastEthernet0/1

After you get connected you will have a problem: the VPN client will get connected and get an IP from the pool but cannot communicate with inside hosts!

Because you need to exempt the traffic going from the inside network to the VPN pool from NATing.

You can do it in your NAT ACL: make the first line a deny with source your LAN and destination the VPN pool. I would also suggest you use IP addressing for your VPN pool different from the LAN range, to avoid any subnetting issues.

good luck

if helpful Rate
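
The port list and the NAT exemption from the replies above, put together as an added example; it is not the poster's attached config, which is not shown on this page. The interface, ACL and pool names and all addresses (203.0.113.1 outside, 192.168.1.0/24 LAN, 192.168.50.0/24 VPN pool) are assumptions, as is the use of a classic inbound ACL on the outside interface.

```cisco
! Constructed example: every name and address below is a placeholder.
! Outside address 203.0.113.1, LAN 192.168.1.0/24, VPN pool 192.168.50.0/24.
!
! 1) Entries to add to the inbound ACL on the outside interface so that
!    IPsec from remote clients can reach the router itself.
ip access-list extended OUTSIDE-IN
 remark IKE (ISAKMP), UDP 500
 permit udp any host 203.0.113.1 eq isakmp
 remark NAT-T, UDP 4500
 permit udp any host 203.0.113.1 eq non500-isakmp
 remark ESP, IP protocol 50
 permit esp any host 203.0.113.1
 remark Add UDP/TCP 10000 only if IPsec over UDP/TCP is in use
!
interface FastEthernet0/0
 description outside (assumed)
 ip access-group OUTSIDE-IN in
 ip nat outside
!
! 2) Exempt LAN-to-VPN-pool traffic from NAT. The deny must be the first
!    line, otherwise replies to VPN clients are translated and dropped.
ip access-list extended NAT-ACL
 deny   ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
!
! 3) VPN pool on a range separate from the LAN, as suggested above.
ip local pool VPN-POOL 192.168.50.10 192.168.50.50
```

After a connection attempt from outside, `show access-lists OUTSIDE-IN` shows per-entry match counters, which tell you whether the client's IKE and NAT-T packets are reaching the router at all.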
