07-10-2010 05:23 AM
Hello,
I have a task to open VPN ports outbound only. Please help me with how to configure the firewall to access the VPN. I want to open only the VPN ports; where do I apply the ports in the firewall?
thank you and best regards
Edwin
07-10-2010 06:48 AM
I understand that you mean IPsec VPN? And not ANY kind of VPN?
Here's a list.
udp/500 - IKE
udp/4500 - IKE NAT-T
ESP
AH
(IPsec over TCP can additionally use a variety of ports ... usually tcp/10000)
07-10-2010 07:06 AM
Thank you for the reply. I am not so good with VPN. An application for remote access VPN is configured in the firewall, and I'm not sure if it is IPsec VPN. I will try to open these two ports. Anyway, please, what is the equivalent port number of ESP and AH?
thank you and best regards,
Edwin
07-14-2010 02:11 AM
Edwin,
ESP and AH are IP protocols.
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
numbers 50 and 51.
Cisco ACLs (both ASA and IOS) allow you to do access-list XYZ permit esp h A h B (same for AH, and it does not require "host", it can be whole subnet).
Marcin
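The entries listed in this thread, written out as a Cisco ASA access list for outbound-only IPsec; this is an added example, not a configuration posted by anyone in the thread. The ACL name INSIDE_VPN_OUT, the client subnet 10.0.0.0/24, the VPN gateway 192.0.2.10 and the interface name "inside" are assumptions to be replaced with your own values.

```cisco
! Added example. ACL name, addresses and interface name are placeholders.
! Assumed: clients in 10.0.0.0/24 behind the "inside" interface,
!          remote VPN gateway at 192.0.2.10 (documentation address).

! IKE and IKE NAT-T are UDP ports.
access-list INSIDE_VPN_OUT extended permit udp 10.0.0.0 255.255.255.0 host 192.0.2.10 eq isakmp
access-list INSIDE_VPN_OUT extended permit udp 10.0.0.0 255.255.255.0 host 192.0.2.10 eq 4500

! ESP and AH are IP protocols (numbers 50 and 51), not ports.
! Match them by protocol keyword; there is no "eq <port>" on these lines.
access-list INSIDE_VPN_OUT extended permit esp 10.0.0.0 255.255.255.0 host 192.0.2.10
access-list INSIDE_VPN_OUT extended permit ah 10.0.0.0 255.255.255.0 host 192.0.2.10

! Mistake to avoid: the line below would match TCP port 50, which is not ESP.
!   access-list INSIDE_VPN_OUT extended permit tcp any any eq 50

! Only if the client uses IPsec over TCP (usually tcp/10000, as noted above).
access-list INSIDE_VPN_OUT extended permit tcp 10.0.0.0 255.255.255.0 host 192.0.2.10 eq 10000

! Outbound traffic from the clients enters the firewall on the inside
! interface, so the ACL is applied inbound there.
access-group INSIDE_VPN_OUT in interface inside

! Every ACL ends with an implicit deny. Once applied, anything from the
! inside network that is not listed above (DNS, web, and so on) is dropped,
! so merge these lines into any ACL already bound to the interface.
```

Check `show access-list INSIDE_VPN_OUT` after a connection attempt: the hit counters show which of the entries the client actually uses.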