11-27-2008 05:12 PM - edited 03-11-2019 07:18 AM
I want to fine-tune our firewall, and for that I need to allow IPSec VPN traffic through the firewall. Can anyone tell me the exact IPSec ports and protocols? Our VPN device resides behind the firewall and is using IPSec over UDP.
We are using Cisco ASA 5500 series as a VPN server.
11-27-2008 09:07 PM
Hi,
ISAKMP - UDP 500
ESP - Protocol 50
ISAKMP NAT-Traversal - UDP 4500 (NAT-T)
IPSEC Over UDP - UDP 10000 (Default)
IPSEC Over TCP - TCP 10000 (Default)
Regards,
Arul
*Pls rate if it helps*
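As an added illustration (not from the original thread or from Cisco), the allow list above turned into a small rule matcher run over a few constructed flow records. It makes the point that practitioners most often get wrong when writing these rules: ESP is IP protocol 50, not a port, so a "UDP 50" rule does nothing for it. The head-end address 203.0.113.10, the log-line format and the `parse_flow`/`match_rule`/`audit` names are assumptions made for the example; the UDP/TCP 10000 entries are the defaults quoted in the answer and are configurable on the head end.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# IANA IP protocol numbers used by the IPsec allow list
PROTO_TCP = 6
PROTO_UDP = 17
PROTO_ESP = 50
PROTO_NAMES = {"tcp": PROTO_TCP, "udp": PROTO_UDP, "esp": PROTO_ESP}


@dataclass(frozen=True)
class Rule:
    name: str
    proto: int
    dport: Optional[int]   # None: protocol-only rule (ESP carries no port numbers)
    dst_net: str


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    dport: Optional[int]


# Hypothetical VPN head end (TEST-NET-3 address) standing in for the ASA's outside interface.
VPN_HEADEND = "203.0.113.10/32"

# The allow list from the accepted answer, scoped to the head end only.
IPSEC_RULES = [
    Rule("ISAKMP/IKE", PROTO_UDP, 500, VPN_HEADEND),
    Rule("ESP", PROTO_ESP, None, VPN_HEADEND),          # protocol 50, no ports
    Rule("IKE NAT-T", PROTO_UDP, 4500, VPN_HEADEND),
    Rule("IPsec over UDP", PROTO_UDP, 10000, VPN_HEADEND),   # default, configurable on the head end
    Rule("IPsec over TCP", PROTO_TCP, 10000, VPN_HEADEND),   # default, configurable on the head end
]

# Constructed flow-record format: src=<ip> dst=<ip> proto=<name|number> [dport=<n>]
LOG_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=(?P<proto>\w+)(?:\s+dport=(?P<dport>\d+))?"
)


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record into a Flow; raises on unparseable input."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    proto = m.group("proto").lower()
    proto_num = PROTO_NAMES.get(proto) or int(proto)     # accept a name or a raw protocol number
    dport = int(m.group("dport")) if m.group("dport") else None
    return Flow(m.group("src"), m.group("dst"), proto_num, dport)


def match_rule(flow: Flow, rules: List[Rule] = IPSEC_RULES) -> Optional[str]:
    """Return the name of the first rule permitting the flow, or None for the implicit deny."""
    for rule in rules:
        if flow.proto != rule.proto:
            continue
        if rule.dport is not None and flow.dport != rule.dport:
            continue
        if ip_address(flow.dst) not in ip_network(rule.dst_net):
            continue
        return rule.name
    return None


def audit(lines: List[str], rules: List[Rule] = IPSEC_RULES) -> List[Optional[str]]:
    """Classify each record as the rule that permits it, or None if nothing does."""
    return [match_rule(parse_flow(line), rules) for line in lines]


# Constructed sample records: a remote peer at 198.51.100.7 talking to the head end.
SAMPLE_LOG = [
    "src=198.51.100.7 dst=203.0.113.10 proto=udp dport=500",     # IKE phase 1
    "src=198.51.100.7 dst=203.0.113.10 proto=esp",               # ESP: protocol 50, no port
    "src=198.51.100.7 dst=203.0.113.10 proto=udp dport=4500",    # IKE NAT-T
    "src=198.51.100.7 dst=203.0.113.10 proto=udp dport=10000",   # IPsec over UDP (default port)
    "src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=10000",   # IPsec over TCP (default port)
    "src=198.51.100.7 dst=203.0.113.10 proto=udp dport=50",      # common mistake: ESP is not UDP 50
    "src=198.51.100.7 dst=203.0.113.10 proto=tcp dport=22",      # unrelated traffic, stays denied
    "src=198.51.100.7 dst=203.0.113.99 proto=udp dport=500",     # IKE to a host other than the head end
]

if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LOG, audit(SAMPLE_LOG)):
        print(f"{verdict or 'DENY':16} {line}")
```

The last three records are the ones worth watching in a real rule review: a port-based "ESP" rule silently fails, unrelated traffic to the head end should still fall to the implicit deny, and IKE aimed at any host other than the VPN device should not be opened up by a rule that is too broad.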
11-27-2008 07:12 PM
Hi,
For that you will need to allow UDP 500, and you might also need to allow ESP (protocol 50).
Assuming your VPN head end device uses a routable (public) IP address then you only need to allow the above ports, otherwise you will have to use static NAT.
What is your scenario?
06-07-2009 08:24 AM
Hi,
I have been searching for this for quite a long time, but never got a firm answer.
The Cisco VPN client online help says: IPSec over UDP - this port is negotiated and cannot be changed - but I was never able to find any mention of how it is negotiated.
Looking at sniffer packets, besides UDP 500, sometimes UDP 62515 and at other times UDP 62514 was used. UDP 10000 was never used.
Thanks