What are the ports used by Cisco VPN Client?

Answered Question
Apr 14th, 2004

Hello,

I need to open outbound traffic on my firewall to permit two internal (in LAN) Cisco VPN Clients to connect to their VPN over the Internet.

I've already opened port 500/UDP, but they aren't able to connect. If I open all outbound ports, they're able to connect.

What are the ports used by Cisco VPN Client?


Thank you



Correct Answer by pkapoor about 13 years 4 months ago

You need to open:

UDP 500

Protocol ESP


You may also need to open UDP port 4500 (if NAT-T is being used).


Further, if the clients are connecting to a VPN 3000 series Concentrator and it is configured for any of the other NAT-Transparency options, corresponding ports need to be opened. By default:

1. If IPSec over TCP 10000 is being used, then open TCP 10000.

2. If IPSec over UDP 10000 is being used, open UDP 1000.

Overall Rating: 4 (2 ratings)

IP protocol 50, ESP. Maybe IP protocol 51, AH (not likely).

You may need UDP 4500 or 10000, depending on whether it is using NAT encapsulation (it probably is out of the box, but it depends on what kind of device it is connecting to). Your best bet is to parse the PIX logs from that IP to see what ports it is using.
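The reply above suggests parsing the PIX logs for the client's IP to see what it is being denied. A sketch of that check, added here as an example and not code from the thread: the log lines are constructed in the style of PIX syslog message 106023, and the addresses, ACL name and function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on PIX syslog message 106023 (ACL deny).
# Addresses are documentation ranges; the exact field layout is an assumption.
SAMPLE_LOG = """\
%PIX-4-106023: Deny udp src inside:192.168.1.10/1042 dst outside:203.0.113.5/4500 by access-group "outbound"
%PIX-4-106023: Deny udp src inside:192.168.1.10/1042 dst outside:203.0.113.5/4500 by access-group "outbound"
%PIX-4-106023: Deny protocol 50 src inside:192.168.1.10 dst outside:203.0.113.5 by access-group "outbound"
%PIX-4-106023: Deny tcp src inside:192.168.1.10/1050 dst outside:203.0.113.5/10000 by access-group "outbound"
%PIX-4-106023: Deny tcp src inside:192.168.1.77/3311 dst outside:198.51.100.9/445 by access-group "outbound"
"""

DENY = re.compile(
    r"Deny (?P<proto>tcp|udp|protocol \d+) "
    r"src \S+?:(?P<src>[\d.]+)(?:/\d+)? "
    r"dst \S+?:(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?"
)

# Names for the protocols and ports mentioned in this thread.
KNOWN = {
    ("udp", "500"): "IKE",
    ("udp", "4500"): "NAT-T",
    ("udp", "10000"): "IPSec over UDP (default)",
    ("tcp", "10000"): "IPSec over TCP (default)",
    ("protocol 50", None): "ESP",
    ("protocol 51", None): "AH",
}

def denied_flows(log_text, client_ip):
    """Count denied (protocol, destination port) pairs for one inside client."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY.search(line)
        if m and m.group("src") == client_ip:
            counts[(m.group("proto"), m.group("dport"))] += 1
    return counts

def report(log_text, client_ip):
    """Return readable lines, most frequent denial first."""
    rows = []
    for (proto, dport), n in denied_flows(log_text, client_ip).most_common():
        label = KNOWN.get((proto, dport), "not a port named in this thread")
        rows.append(f"{proto}{'/' + dport if dport else ''}: {n} denied ({label})")
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, "192.168.1.10")))
```

Permitting only the entries the report lists for the VPN client's address, to the VPN peer's address, keeps the outbound policy narrower than opening all ports.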
