IPSec VPN Ports/Protocol

Muhammad Zubair
Level 1

I want to fine-tune our firewall, and for that I need to allow IPSec VPN traffic through the firewall. Can anyone tell me the exact IPSec ports and protocols? Our VPN device resides behind a firewall and is using IPSec over UDP.

We are using Cisco ASA 5500 series as a VPN server.

Accepted Solution

ajagadee
Cisco Employee

Hi,

ISAKMP - UDP 500

ESP - Protocol 50

ISAKMP NAT-Traversal - UDP 4500 (NAT-T)

IPSEC Over UDP - UDP 10000 (Default)

IPSEC Over TCP - TCP 10000 (Default)

Regards,

Arul

*Pls rate if it helps*

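As an added example (not from the thread or from Cisco), the script below turns the accepted answer's list into a packet classifier that a firewall-log or capture reviewer can run to confirm which IPsec traffic class each flow belongs to. It uses the ports and protocols listed above (ISAKMP UDP/500, ESP IP protocol 50, NAT-T UDP/4500, Cisco IPsec over UDP and TCP on 10000) and goes one step further than the post: on UDP/4500 it applies the RFC 3948 demultiplexing rules, so IKE behind the non-ESP marker, NAT-T keepalives and UDP-encapsulated ESP are told apart even though they share one port. All packets in it are constructed header bytes, not captured traffic, and the 10000 ports are treated as the Cisco defaults the answer names, which are configurable.

```python
"""Classify IPsec-related packets by IP protocol, destination port and payload.

Added example, not from the Cisco community thread. Port list follows the
accepted answer; payload rules for UDP/4500 follow RFC 3948 (UDP-encapsulated
ESP), RFC 4303 (ESP header) and the fixed ISAKMP/IKE header (RFC 2408/4306).
Sample packets below are constructed, not captured.
"""
import struct
from dataclasses import dataclass
from typing import Optional

PROTO_TCP = 6
PROTO_UDP = 17
PROTO_ESP = 50

PORT_ISAKMP = 500
PORT_NAT_T = 4500
PORT_CISCO_IPSEC_UDP = 10000  # Cisco default per the thread; configurable
PORT_CISCO_IPSEC_TCP = 10000  # Cisco default per the thread; configurable

NON_ESP_MARKER = b"\x00\x00\x00\x00"       # RFC 3948 s2.2: IKE behind NAT-T
NAT_KEEPALIVE = b"\xff"                    # RFC 3948 s2.3: single 0xFF byte
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # ispi, rspi, npl, ver, xchg, flags, msgid, len
ESP_HDR = struct.Struct("!II")             # SPI, sequence number


@dataclass
class Verdict:
    kind: str          # traffic class a firewall rule would match
    detail: str = ""   # decoded header fields, for the reviewer


def parse_isakmp(payload: bytes) -> Optional[Verdict]:
    """Decode the 28-byte ISAKMP/IKE header; None if the payload is too short."""
    if len(payload) < ISAKMP_HDR.size:
        return None
    ispi, rspi, _npl, ver, xchg, _flags, _mid, length = ISAKMP_HDR.unpack_from(payload)
    major, minor = ver >> 4, ver & 0x0F
    return Verdict("ISAKMP",
                   f"IKEv{major}.{minor} exchange={xchg} ispi={ispi.hex()} "
                   f"rspi={rspi.hex()} len={length}")


def parse_esp(payload: bytes) -> Optional[Verdict]:
    """Decode ESP SPI and sequence; None if too short or SPI is the reserved 0."""
    if len(payload) < ESP_HDR.size:
        return None
    spi, seq = ESP_HDR.unpack_from(payload)
    if spi == 0:   # zero SPI is reserved; on UDP/4500 it is the non-ESP marker
        return None
    return Verdict("ESP", f"spi=0x{spi:08x} seq={seq}")


def classify(ip_proto: int, dst_port: Optional[int], payload: bytes) -> Verdict:
    """Map one packet to the IPsec traffic class from the accepted answer."""
    if ip_proto == PROTO_ESP:
        return parse_esp(payload) or Verdict("ESP", "malformed header")
    if ip_proto == PROTO_UDP:
        if dst_port == PORT_ISAKMP:
            return parse_isakmp(payload) or Verdict("ISAKMP", "malformed header")
        if dst_port == PORT_NAT_T:
            # One 0xFF byte is a keepalive; four zero bytes mean IKE follows;
            # anything else is UDP-encapsulated ESP whose first word is the SPI.
            if payload == NAT_KEEPALIVE:
                return Verdict("NAT-T keepalive")
            if payload.startswith(NON_ESP_MARKER):
                ike = parse_isakmp(payload[len(NON_ESP_MARKER):])
                return Verdict("NAT-T ISAKMP", ike.detail if ike else "malformed header")
            esp = parse_esp(payload)
            return Verdict("NAT-T ESP", esp.detail if esp else "malformed header")
        if dst_port == PORT_CISCO_IPSEC_UDP:
            return Verdict("IPsec over UDP", "Cisco default port 10000")
    if ip_proto == PROTO_TCP and dst_port == PORT_CISCO_IPSEC_TCP:
        return Verdict("IPsec over TCP", "Cisco default port 10000")
    return Verdict("not IPsec")


# Constructed samples: an IKEv2 IKE_SA_INIT header and an ESP header.
SAMPLE_IKE = (bytes.fromhex("0123456789abcdef") + bytes(8)
              + bytes([0x21, 0x20, 34, 0x08]) + struct.pack("!II", 0, 28))
SAMPLE_ESP = struct.pack("!II", 0xDEADBEEF, 7) + bytes(16)

SAMPLES = [
    ("IKE on UDP/500", PROTO_UDP, 500, SAMPLE_IKE),
    ("ESP on protocol 50", PROTO_ESP, None, SAMPLE_ESP),
    ("IKE behind NAT-T", PROTO_UDP, 4500, NON_ESP_MARKER + SAMPLE_IKE),
    ("ESP behind NAT-T", PROTO_UDP, 4500, SAMPLE_ESP),
    ("NAT-T keepalive", PROTO_UDP, 4500, NAT_KEEPALIVE),
    ("Cisco IPsec over UDP", PROTO_UDP, 10000, bytes(8)),
    ("Cisco IPsec over TCP", PROTO_TCP, 10000, bytes(8)),
    ("DNS", PROTO_UDP, 53, bytes(12)),
]


def summarize() -> dict:
    """Return {sample name: traffic class} for every constructed sample."""
    return {name: classify(p, port, pl).kind for name, p, port, pl in SAMPLES}


if __name__ == "__main__":
    for name, p, port, pl in SAMPLES:
        v = classify(p, port, pl)
        print(f"{name:22s} -> {v.kind:16s} {v.detail}")
```

The classifier deliberately does not try to decode the Cisco-proprietary IPsec over UDP/TCP 10000 payloads; it only labels them by the default port the answer gives, so a site that changed that port must adjust the two constants.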

3 Replies

Fernando_Meza
Level 7

Hi,

For that you might need to allow UDP 500; you might also need to allow ESP (protocol 50).

Assuming your VPN head end device uses a routable (public) IP address then you only need to allow the above ports, otherwise you will have to use static NAT.

What is your scenario?


Hi,

I have been searching for this for quite a long time, but never got a firm answer.

Cisco VPN client online help says: IPSec over UDP - this port is negotiated and cannot be changed - but I was never able to find any mention of how it is negotiated.

Looking at Sniffer packets: besides UDP 500, sometimes UDP 62515 and other times UDP 62514 was used. UDP 10000 was never used.

Thanks
