Cisco Support Community
Community Member

ASA VPN Client and VPN L2L behind other ASA firewall

Hi guys, I need to split my firewall services, as you can see in the attached image. My actual firewall keeps connecting VPN Client and L2L, and my new ASA firewall will gather all DMZs, but as you can see, I need to open ports on my new firewall to pass VPN Client and L2L.

Which ports do I need to open on my new firewall to permit VPN L2L and Client connections?

thanks


3 REPLIES
Cisco Employee

Re: ASA VPN Client and VPN L2L behind other ASA firewall

IPSec VPN works on a number of protocols/ports, and here are the most common ones (unless you have changed the NAT-T to different ports):

UDP/500

ESP (protocol)

UDP/4500

UDP/10000

TCP/10000

Hope that helps.

Community Member

Re: ASA VPN Client and VPN L2L behind other ASA firewall

Jennifer,

Thanks for your quick response.

Will those ports work out fine for VPN-Client and VPN Site-to-Site?

I saw that there are TCP/1723 and TCP/1701; will they be necessary?

thanks

Cisco Employee (accepted solution)

Re: ASA VPN Client and VPN L2L behind other ASA firewall

TCP/1723 and GRE would be for PPTP VPN.

and UDP/1701 and GRE would be for L2TP VPN.

If you are running both PPTP and L2TP as well, then yes, you would need the above ports as well.
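
The IPsec port list from the first reply, turned into a check of the new firewall's ACL against what the VPN firewall behind it needs. This is an added example, not part of the thread: the ACL name `OUTSIDE_IN`, the 203.0.113.x addresses, the function names and the sample configuration are assumptions made up for illustration.

```python
import re

# Protocol/port pairs listed in the reply above (NAT-T may have been moved).
REQUIRED = [("udp", 500), ("esp", None), ("udp", 4500), ("udp", 10000), ("tcp", 10000)]
PORT_NAMES = {"isakmp": 500}  # ASA prints UDP/500 as "isakmp" in its config

# Simplified ACE grammar: permit lines with any/host addresses and "eq" only.
# Deny entries, object-groups, ranges and the source address are not evaluated.
ACE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+extended\s+permit\s+(?P<proto>\S+)\s+"
    r"(?:any4?|host\s+\S+)\s+(?P<dst>any4?|host\s+\S+)(?:\s+eq\s+(?P<port>\S+))?$"
)

def permitted(config, acl, vpn_peer):
    """Return the set of (proto, port) pairs `acl` permits towards `vpn_peer`."""
    found = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m or m["acl"] != acl:
            continue
        dst = m["dst"].split()
        if dst[0] == "host" and dst[1] != vpn_peer:
            continue  # entry is for a different destination
        proto, port = m["proto"].lower(), m["port"]
        if proto == "ip" or port is None:
            # "ip" and tcp/udp without "eq" cover all ports; ESP has no ports.
            found.update(r for r in REQUIRED if proto in ("ip", r[0]))
        else:
            num = PORT_NAMES.get(port, port)
            if str(num).isdigit():
                found.add((proto, int(num)))
    return found

def missing(config, acl, vpn_peer):
    """Required pairs that the ACL does not yet pass to the VPN firewall."""
    have = permitted(config, acl, vpn_peer)
    return [r for r in REQUIRED if r not in have]

# Constructed sample ACL for the new ASA; 203.0.113.10 stands in for the VPN ASA.
SAMPLE = """\
access-list OUTSIDE_IN extended permit udp any host 203.0.113.10 eq isakmp
access-list OUTSIDE_IN extended permit esp any host 203.0.113.10
access-list OUTSIDE_IN extended permit udp any host 203.0.113.10 eq 4500
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.20 eq 10000
"""

if __name__ == "__main__":
    for proto, port in missing(SAMPLE, "OUTSIDE_IN", "203.0.113.10"):
        print("missing:", proto.upper() + (f"/{port}" if port else ""))
```

In the sample, the TCP/10000 entry points at a different host and UDP/10000 is absent, so both are reported as missing for the VPN firewall.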
