Cisco Support Community

Port 10000 or UDP 500 on firewall.

Do I have to open a port on the firewall in order to use VPN client 3.x or 4.x to connect to an outside network? How do I configure my ASA to allow TCP port 10000 or UDP 500 to be opened?

Clarification: my user on the inside network is unable to connect to the outside network using the VPN client.

1 REPLY

Re: Port 10000 or UDP 500 on firewall.

Kehinde,

To use the Cisco VPN client from inside to connect to an outside RA IPsec VPN server, you simply need IPsec pass-through inspection configured in your global policy.

ciscoasa(config)# policy-map global_policy

ciscoasa(config-pmap)# class inspection_default

ciscoasa(config-pmap-c)# inspect ipsec-pass-thru

ciscoasa(config-pmap-c)# exit

See the IPsec pass-through inspection section:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/inspect.html

You may also want to enable NAT-T:

ciscoasa(config)# crypto isakmp nat-traversal 20

NAT-T background:

http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/c5.html#wp2195488

Once done, your inside Cisco VPN clients should be able to VPN outside.

HTH

Rgds

Jorge
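
To confirm that the two settings from the reply above are present in a saved configuration, here is an added example (not from the original post or from Cisco): a Python check over `show running-config` text. The sample config and the name `audit_vpn_passthrough` are constructed for illustration, and the code assumes the one-space-per-level indentation that the running-config output uses.

```python
import re

# Constructed sample of a saved running-config (not taken from the thread).
SAMPLE_CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect ipsec-pass-thru
!
service-policy global_policy global
crypto isakmp nat-traversal 20
"""

NAT_T = re.compile(r"crypto isakmp nat-traversal(?:\s+(\d+))?")


def audit_vpn_passthrough(config, policy="global_policy", cls="inspection_default"):
    """Report whether 'inspect ipsec-pass-thru' sits under the given policy-map
    and class, and whether NAT-T is enabled (with its keepalive, if shown)."""
    result = {"ipsec_pass_thru": False, "nat_traversal": False, "keepalive": None}
    in_policy = in_class = False
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        words = line.split()
        if indent == 0:
            # A new top-level command ends any policy-map we were inside.
            in_policy = words[:2] == ["policy-map", policy]
            in_class = False
            m = NAT_T.fullmatch(line)  # a leading "no" makes this fail to match
            if m:
                result["nat_traversal"] = True
                result["keepalive"] = int(m.group(1)) if m.group(1) else None
        elif in_policy and indent == 1:
            in_class = words[:2] == ["class", cls]
        elif in_class and words[:2] == ["inspect", "ipsec-pass-thru"]:
            result["ipsec_pass_thru"] = True
    return result


if __name__ == "__main__":
    print(audit_vpn_passthrough(SAMPLE_CONFIG))
```

The check only counts the inspection when it appears under the named policy-map and class, so the same line in an unrelated policy does not produce a false pass.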
