VPN client from behind a corporate firewall

Jan 4th, 2007

Hi, sorry if this has been covered before. I need to provide VPN client access to a Cisco PIX 501 (6.3.5). The remote users will be behind a non-Cisco firewall (not that it should matter, I guess). What port should the remote network's sysadmin open on his firewall to allow the VPN client out? I've read UDP port 500; can anyone confirm this?


cheers in advance

kamal-learn Thu, 01/04/2007 - 19:05

Hi,

I don't think you will need to open certain ports, since the client will initiate a VPN from inside the network behind that firewall, and I think that firewall will automatically set up a stateful database to allow the traffic coming back. But if it's not a stateful firewall, I think you need to open ISAKMP port 500, ESP port 50, and if you use AH, open 51 as well. If you are using NAT/PAT, I think you will need to use ESP with TCP or UDP, and by default they also use port 10000 unless modified by the admin from the client software.

HTH

Do rate if it does help.



gordinho01 Fri, 01/05/2007 - 04:36

Cheers for the pointer, Kamal. The sysadmin at the other end has a massively locked down outbound rule set for internal clients. I've asked him about ISAKMP UDP 500 and TCP 10000. Hopefully he will help out :)


G


PS, this was my first post on here; how do I rate replies?

gordinho01 Fri, 01/05/2007 - 05:27

D'oh! Ignore that PS. I think the "rate this reply" hyperlink was what I was looking for...


/must pay more attention
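
The flows named in the replies above, checked against a locked-down outbound rule set evaluated first-match with a final deny. This is an added example, not part of the original thread and not Cisco code; the rule set, the flow labels and the function names are constructed for illustration.

```python
# Added example: which of the thread's VPN-client flows does an outbound
# rule set permit? Rules and names are constructed, not from any real firewall.

# Flows named in the thread: (label, IP protocol, destination port or None).
# ESP and AH are IP protocols 50 and 51; they carry no TCP/UDP port number.
VPN_FLOWS = [
    ("ISAKMP", "udp", 500),
    ("ESP", "esp", None),
    ("AH", "ah", None),
    ("ESP over UDP", "udp", 10000),
    ("ESP over TCP", "tcp", 10000),
]

# Constructed sample of a locked-down outbound policy, evaluated top-down.
# The UDP 500 and TCP 10000 entries are the two openings requested in the thread.
SAMPLE_RULES = [
    {"action": "permit", "proto": "tcp", "ports": (80, 80)},
    {"action": "permit", "proto": "tcp", "ports": (443, 443)},
    {"action": "permit", "proto": "udp", "ports": (53, 53)},
    {"action": "permit", "proto": "udp", "ports": (500, 500)},
    {"action": "permit", "proto": "tcp", "ports": (10000, 10000)},
    {"action": "deny", "proto": "any", "ports": None},
]

def rule_matches(rule, proto, port):
    """True if the rule applies to this protocol and destination port."""
    if rule["proto"] not in ("any", proto):
        return False
    if rule["ports"] is None:   # rule has no port constraint
        return True
    if port is None:            # a port-based rule cannot match a portless protocol
        return False
    low, high = rule["ports"]
    return low <= port <= high

def evaluate(rules, proto, port):
    """First matching rule wins; no match falls through to an implicit deny."""
    for rule in rules:
        if rule_matches(rule, proto, port):
            return rule["action"]
    return "deny"

def audit(rules, flows=VPN_FLOWS):
    """Map each VPN-client flow to the verdict the rule set gives it."""
    return {label: evaluate(rules, proto, port) for label, proto, port in flows}

if __name__ == "__main__":
    for label, verdict in audit(SAMPLE_RULES).items():
        print(f"{label:14} {verdict}")
```

With the sample rules, ISAKMP and the TCP 10000 encapsulation pass while native ESP, AH and UDP 10000 are dropped.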
