Cisco Support Community

New Member

Opening ports 500 and 10000

I am trying to run a Nortel VPN client from behind my Pix 515. I have been told that I have to open udp and tcp ports 500 and 10000 to get this working. Can someone help me with how to do this?

Thanks.

Louanne

3 REPLIES
Gold

Re: Opening ports 500 and 10000

Hello Louanne,

If you need to open ports for TCP and UDP then you'll need to create an ACL on the inside interface of the PIX, i.e.

> access-list inside permit tcp host <host-ip> any eq 500

> access-list inside permit udp host <host-ip> any eq 10000

> access-list inside permit ip any any

> access-group inside in interface inside

Make sure to save with cmd 'wr m' and do cmd 'clear xlate'

Hope this helps - Jay

New Member

Re: Opening ports 500 and 10000

Jay,

I apologize for being such a newbie here but...

My access lists have names/numbers. Do I create a new group with a name, or is "inside" above the name? Also, above you specify . Would I have to set this up for each host that is running the Nortel client? Can I specify a subnet so that all my users could potentially run this VPN client?

Gold

Re: Opening ports 500 and 10000

Hi -

The "inside" is the name. Also, you are saying that you have a mixture of names and numbers - correct? You can use numbers if you like, but I find it better with names. How many inside clients have you got? If all your clients are on the same subnet, say, 192.168.10.10, then you could write the ACL as -

access-list inside permit tcp 192.168.10.0 255.255.255.0 any eq 500

access-list inside permit udp 192.168.10.0 255.255.255.0 any eq 10000

access-list inside permit ip any any

access-group inside in interface inside

Also, here's a good document on ACLs - one thing to remember is that on routers you use 'wildcard masks', i.e. on a router ACL 255.255.255.0 will be 0.0.0.255, and on the PIX it will not, i.e. it stays 255.255.255.0 - all explained in this document:

http://www.cisco.com/warp/public/707/confaccesslists.html

Now save with cmd 'wr m' and do cmd 'clear xlate'

Hope this helps - Jay
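The two points the replies turn on (a subnet on the PIX is written as network plus subnet mask without the `host` keyword, while an IOS router wants the inverted wildcard mask) are easy to get wrong by hand. The following Python script is an added example, not part of the thread and not Cisco code: it generates the PIX-style and IOS-style lines for a whole subnet and lints a PIX line for the two mistakes a beginner makes, a missing ACL name and `host` followed by a mask. The ACL name `inside`, the subnet 192.168.10.0/24 and the ports 500 and 10000 are taken from the thread; the PIX 6.x ACL syntax assumed is the one shown in the replies.

```python
# Added example (not from the thread): build PIX-style and IOS-style ACL lines
# for a subnet and lint a PIX line for "missing name" and "host + mask".
# ACL name, subnet and ports below are constructed sample values from the thread.
import ipaddress


def wildcard_mask(netmask: str) -> str:
    """IOS router ACLs take an inverted (wildcard) mask: 255.255.255.0 -> 0.0.0.255."""
    mask = int(ipaddress.IPv4Address(netmask))
    return str(ipaddress.IPv4Address(mask ^ 0xFFFFFFFF))


def _is_ipv4(token: str) -> bool:
    """True if the token parses as a dotted-quad address or mask."""
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def pix_source(network: str) -> str:
    """PIX source field: 'host A.B.C.D' for one address, 'NET MASK' for a subnet."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"


def pix_acl_lines(acl_name: str, network: str, ports) -> list:
    """Per-port permits, the catch-all, and the access-group binding on 'inside'."""
    lines = [
        f"access-list {acl_name} permit {proto} {pix_source(network)} any eq {port}"
        for proto, port in ports
    ]
    lines.append(f"access-list {acl_name} permit ip any any")
    lines.append(f"access-group {acl_name} in interface inside")
    return lines


def ios_acl_lines(acl_name: str, network: str, ports) -> list:
    """Same policy as a named extended IOS ACL, which uses wildcard masks."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen == 32:
        src = f"host {net.network_address}"
    else:
        src = f"{net.network_address} {wildcard_mask(str(net.netmask))}"
    lines = [f"ip access-list extended {acl_name}"]
    lines += [f" permit {proto} {src} any eq {port}" for proto, port in ports]
    lines.append(" permit ip any any")
    return lines


def lint_pix_acl_line(line: str) -> list:
    """Return a list of problems found in one PIX access-list statement."""
    toks = line.split()
    problems = []
    if not toks or toks[0] != "access-list":
        return ["not an access-list statement"]
    # A name must sit between 'access-list' and permit/deny.
    if len(toks) > 1 and toks[1] in ("permit", "deny"):
        problems.append("ACL name missing: 'access-list' must be followed by a name")
    # 'host' takes exactly one address; an address followed by a mask is a subnet.
    for i, tok in enumerate(toks):
        if (tok == "host" and i + 2 < len(toks)
                and _is_ipv4(toks[i + 1]) and _is_ipv4(toks[i + 2])):
            problems.append(
                f"'host {toks[i + 1]} {toks[i + 2]}': 'host' takes one address; "
                "for a subnet drop 'host' and give network + mask")
    return problems


if __name__ == "__main__":
    ports = [("tcp", 500), ("udp", 10000)]
    print("\n".join(pix_acl_lines("inside", "192.168.10.0/24", ports)))
    print("\n".join(ios_acl_lines("inside", "192.168.10.0/24", ports)))
    bad = "access-list permit tcp host 192.168.10.0 255.255.255.0 any eq 500"
    for problem in lint_pix_acl_line(bad):
        print("problem:", problem)
```

Running the script prints the PIX lines for the subnet, the equivalent IOS lines with `0.0.0.255`, and two lint findings for the malformed line. The generator keeps `host` only for a /32, which is the single-client form from the first reply.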
