VPN Client Ports

Mar 6th, 2009

I'm planning to implement a Remote VPN architecture using Certificates. I need a list of ports to be opened in the Firewall to permit the communication between the VPN Client and the VPN Server (ASA).

I found this list:

UDP 500

UDP 4500

UDP 10000.

Is there any other port?

JamesLuther Fri, 03/06/2009 - 01:40

The list should be

UDP 500

UDP 4500

TCP 10000

ESP (IP protocol 50)


oabduo983 Sat, 03/07/2009 - 14:42

In all cases you will need to open UDP/500. However:

If you are using NAT-T, then you open UDP/4500, and there is no need for ESP.

If you are using IPSec over TCP 10000, then you open TCP/10000 (not UDP/10000), and there is no need for ESP.

Otherwise, you will open only UDP/500 and ESP, without any other protocol.

Please rate if this is helpful!
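Added example, not part of the thread and not Cisco tooling: a small audit that applies the per-mode breakdown from the reply above to the two port lists posted earlier, reporting which openings are missing and which are unneeded for each encapsulation mode. The mode names (`plain`, `nat-t`, `ipsec-over-tcp`) and the free-text entry format are assumptions made for this example.

```python
import re

# Openings per encapsulation mode, following the breakdown in the reply above.
# Mode names are labels chosen for this example.
REQUIRED = {
    "plain": {"udp/500", "esp"},              # IKE plus native ESP (IP protocol 50)
    "nat-t": {"udp/500", "udp/4500"},         # ESP carried inside UDP 4500
    "ipsec-over-tcp": {"udp/500", "tcp/10000"},
}

def normalize(entry):
    """Map text such as 'UDP 500', 'tcp/10000' or 'ESP (IP protocol 50)' to a key."""
    text = entry.strip().lower().rstrip(".")
    m = re.fullmatch(r"(udp|tcp)[\s/]*(\d{1,5})", text)
    if m and 0 < int(m.group(2)) <= 65535:
        return f"{m.group(1)}/{int(m.group(2))}"
    if text.startswith("esp") or re.fullmatch(r"ip(\s+protocol)?[\s/]*50", text):
        return "esp"
    raise ValueError(f"unrecognised firewall entry: {entry!r}")

def audit(mode, entries):
    """Return (missing, unneeded) openings for one mode, each as a sorted list."""
    if mode not in REQUIRED:
        raise ValueError(f"unknown mode: {mode!r}")
    opened = {normalize(e) for e in entries}
    return sorted(REQUIRED[mode] - opened), sorted(opened - REQUIRED[mode])

def supported_modes(entries):
    """Modes whose required openings are all present in the list."""
    return sorted(m for m in REQUIRED if not audit(m, entries)[0])

# The two lists posted in the thread.
QUESTION_LIST = ["UDP 500", "UDP 4500", "UDP 10000."]
FIRST_REPLY_LIST = ["UDP 500", "UDP 4500", "TCP 10000", "ESP (IP protocol 50)"]

if __name__ == "__main__":
    for mode in REQUIRED:
        missing, unneeded = audit(mode, QUESTION_LIST)
        print(f"{mode:15} missing={missing} unneeded={unneeded}")
    print("question list supports:", supported_modes(QUESTION_LIST))
    print("first reply list supports:", supported_modes(FIRST_REPLY_LIST))
```

Anything reported as unneeded for the mode actually deployed is a candidate for removal from the firewall policy.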
