Cisco Support Community
New Member

IOS Firewall with EasyVPN - What ports need to be opened?

I cannot establish a VPN connection from my VPN client while outside, but can from inside. I assume I need to open a port on my IOS firewall but I am not sure which one. I opened isakmp but that didn't help.

This is a 2801 with 12.4(15)t. Any suggestions? The config is attached. Thanks!

4 REPLIES
Cisco Employee

Re: IOS Firewall with EasyVPN - What ports need to be opened?

Robert,

I hope the below information is useful.

ISAKMP - UDP 500

ESP - Protocol 50

NAT-T - UDP 4500

IPSEC Over UDP - UDP 10000 (Default)

IPSEC Over TCP - TCP 10000 (Default)

Regards,

Arul

** Please rate all helpful posts **

Re: IOS Firewall with EasyVPN - What ports need to be opened?

Hi Arul,

I am wondering about the port to be opened.

As long as this device is the VPN termination device, it doesn't need to open the VPN port unless the device is doing passthrough. Am I right in this?

Cisco Employee

Re: IOS Firewall with EasyVPN - What ports need to be opened?

What I understood from the initial question is that there is an IOS Firewall before the VPN device that is blocking traffic, and ports need to be opened for IPSEC.

Regards,

Arul

Re: IOS Firewall with EasyVPN - What ports need to be opened?

Do the following change:

interface Virtual-Template2 type tunnel

interface FastEthernet0/1

After you get connected, you will have a problem: the VPN client will get connected and get an IP from the pool but cannot communicate with inside hosts!

That is because you need to exempt the traffic going from the inside network to the VPN pool from NAT.

You can do it in your NAT ACL: make the first line a deny with source your LAN and destination the VPN pool. I would also suggest you use IP addressing for your VPN pool that is different from the LAN range, to avoid any subnetting issues.

Good luck.

If helpful, rate.
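
The first three entries of the port list in the first reply and the NAT exemption described in the last reply, sketched as IOS configuration. This is an added example, not taken from the poster's attached config or from any reply: the ACL names, the choice of FastEthernet0/0 as the outside interface, and all addresses (203.0.113.1 as the router's outside address, 192.168.1.0/24 as the LAN, 192.168.50.0/24 as the VPN pool) are assumptions, and it assumes the outside interface is filtered by an inbound extended ACL.

```cisco
! Constructed example: names and addresses are placeholders, not from the thread.
! Assumed: FastEthernet0/0 = outside (203.0.113.1), LAN = 192.168.1.0/24,
!          VPN client pool = 192.168.50.0/24 (kept outside the LAN range).
!
! Inbound ACL on the outside interface: permit IPsec to the router's own
! address only, rather than to "any".
ip access-list extended OUTSIDE-IN
 remark ISAKMP (IKE), UDP 500
 permit udp any host 203.0.113.1 eq isakmp
 remark ESP, IP protocol 50
 permit esp any host 203.0.113.1
 remark NAT-T, UDP 4500 (clients behind a NAT device)
 permit udp any host 203.0.113.1 eq non500-isakmp
 remark Existing entries follow here; the implicit deny still ends the list
!
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
!
! NAT ACL: the deny line comes first so that LAN-to-pool traffic is exempt
! from translation; everything else from the LAN is still translated.
ip access-list extended NAT-ACL
 deny   ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
```

After a connection attempt from outside, `show access-lists OUTSIDE-IN` lists a match count per entry, which shows whether the ISAKMP, ESP and NAT-T packets are reaching the permit lines.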
