New Member

IPSec VPN Ports/Protocol

I want to fine-tune our firewall, and for that I need to allow IPSec VPN traffic through it. Can anyone tell me the exact IPSec ports and protocols? Our VPN device resides behind the firewall and uses IPSec over UDP.

We are using Cisco ASA 5500 series as a VPN server.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: IPSec VPN Ports/Protocol

Hi,

ISAKMP - UDP 500

ESP - Protocol 50

ISAKMP NAT-Traversal - UDP 4500 (NAT-T)

IPSEC Over UDP - UDP 10000 (Default)

IPSEC Over TCP - TCP 10000 (Default)

Regards,

Arul

*Pls rate if it helps*

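As an added example (not from the original thread or from Cisco), the five entries in the answer above expressed as a firewall allow list and checked against a few constructed log lines for a VPN head end; the log format and the head-end address 203.0.113.10 are assumptions:

```python
# Added example: the accepted answer's five entries as an allow list, run over
# constructed log lines for a VPN head end (assumed address 203.0.113.10).
import re
from collections import namedtuple

Rule = namedtuple("Rule", "name ip_proto dst_port")

# dst_port None means "no port": ESP is IP protocol 50, not a UDP/TCP service.
IPSEC_RULES = (
    Rule("ISAKMP", "udp", 500),
    Rule("ESP", "esp", None),
    Rule("ISAKMP NAT-T", "udp", 4500),
    Rule("IPsec over UDP (default)", "udp", 10000),
    Rule("IPsec over TCP (default)", "tcp", 10000),
)

def match_rule(ip_proto, dst_port):
    # Return the name of the first rule the flow matches, or None.
    for rule in IPSEC_RULES:
        if rule.ip_proto != ip_proto:
            continue
        if rule.dst_port is None or rule.dst_port == dst_port:
            return rule.name
    return None

# Assumed log format: "<proto> <src>[:<sport>] -> <dst>[:<dport>]";
# ESP lines carry no ports, e.g. "esp 198.51.100.7 -> 203.0.113.10".
LOG_RE = re.compile(r"^(?P<proto>\w+) (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$")

def classify(log_line, head_end="203.0.113.10"):
    # Return ("permit", rule_name) or ("deny", reason) for one log line.
    m = LOG_RE.match(log_line.strip())
    if not m:
        return ("deny", "unparsed line")
    if m["dst"] != head_end:
        return ("deny", "destination is not the VPN head end")
    dport = int(m["dport"]) if m["dport"] else None
    rule = match_rule(m["proto"].lower(), dport)
    return ("permit", rule) if rule else ("deny", "no IPsec rule matches")

SAMPLE_LOG = [  # constructed sample lines, not captured traffic
    "udp 198.51.100.7:500 -> 203.0.113.10:500",
    "esp 198.51.100.7 -> 203.0.113.10",
    "udp 198.51.100.7:4500 -> 203.0.113.10:4500",
    "udp 198.51.100.7:62515 -> 203.0.113.10:62515",  # port mentioned in the last reply
    "tcp 198.51.100.7:40001 -> 203.0.113.10:22",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(f"{line:48} {classify(line)}")
```

The last two sample lines are denied: the ephemeral UDP port from the final reply is not on the answer's list, so a head end that negotiates such a port would need that traffic accounted for separately.
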
3 REPLIES

Re: IPSec VPN Ports/Protocol

Hi,

For that you might need to allow UDP 500; you might also need to allow ESP (protocol 50).

Assuming your VPN head end device uses a routable (public) IP address then you only need to allow the above ports, otherwise you will have to use static NAT.

What is your scenario?

New Member

Re: IPSec VPN Ports/Protocol

Hi,

I have been searching for this for quite a long time, but never got a firm answer.

The Cisco VPN client online help says: "IPSec over UDP - this port is negotiated and cannot be changed", but I was never able to find any mention of how it is negotiated.

Looking at sniffer packets: besides UDP 500, sometimes UDP 62515 and at other times UDP 62514 was used. UDP 10000 was never used.

Thanks
