Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2146
Views
0
Helpful
3
Replies

VPN PORTS TO OPEN OUTBOUND

ericohermoso
Level 1
Level 1

‎07-10-2010 05:23 AM

Hello,

I have a task to open VPN ports outbound only. Please help me on how to configure the firewall to access VPN. I want to open ports of VPN only where will I apply the ports in the firewall.

thank you and best regards

Edwin

Labels:
0 Helpful
3 Replies 3

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎07-10-2010 06:48 AM

I understand that you mean IPsec VPN? And not ANY kind of VPN?

Here's a list.

udp/500 - IKE

udp/4500 - IKE NAT-T

ESP

AH

(IPsec over TCP can use on top a verity of ports ... usually tcp/10000)

0 Helpful

ericohermoso
Level 1
Level 1
In response to Marcin Latosiewicz

‎07-10-2010 07:06 AM

Thank you for the reply. I am not so good about VPN. An Application for remote access vpn as configured in firewall, I'm not sure if it is IPSEC VPN. I will try to open this two port, Anyway, Please, what is equivalent port number of esp and AH.

thank you and best regards,

Edwin

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to ericohermoso

‎07-14-2010 02:11 AM

Edwin,

ESP and AH are IP protocols.

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

numbers 50 and 51.

Cisco ACLs (both ASA and IOS) allow you to do access-list XYZ permit esp h A h B (same for AH, and it does not require "host", it can be whole subnet).

Marcin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents