Problems with VPNs: what ports/protocols to leave open.

eric.roth
Level 1

I have a few different networks using different Cisco routers. In most instances I have ACLs in addition to CBACs on 2524 and 2621 routers with the FW IOS 12.05(T). I have yet to find a single document that lists what ports/protocols you need to have open to successfully initiate AND receive VPN connections through the FW IOS. Any suggestions?

4 Replies

Thanks for the reply but I didn't see anything in that link about VPN traffic.

You should enable ESP for IPsec and UDP port 500 for ISAKMP in your ACL. Hope this helps.

net_eng_ineer
Level 1

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/ipsec.htm

"Ensure Access Lists Are Compatible with IPSec

IKE uses UDP port 500. The IPSec ESP and AH protocols use protocol numbers 50 and 51. Ensure that your access lists are configured so that protocol 50, 51, and UDP port 500 traffic is not blocked at interfaces used by IPSec. In some cases you might need to add a statement to your access lists to explicitly permit this traffic."
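As an added check (not from this thread or from Cisco), a small Python script that reads IOS extended ACL entries and reports which of the three items named in the quoted guidance (UDP 500 for IKE, IP protocol 50 for ESP, IP protocol 51 for AH) the ACL does not permit. The sample ACL and addresses are constructed for illustration.

```python
import re

# Traffic the quoted Cisco guidance says must be permitted for IPsec:
# IKE/ISAKMP on UDP port 500, ESP (IP protocol 50) and AH (IP protocol 51).
REQUIRED = {"isakmp (udp/500)", "esp (ip protocol 50)", "ah (ip protocol 51)"}

# IOS accepts protocol keywords or numbers in the protocol field of an ACE.
PROTO = {"esp": "esp (ip protocol 50)", "50": "esp (ip protocol 50)",
         "ahp": "ah (ip protocol 51)", "51": "ah (ip protocol 51)",
         "udp": "udp", "17": "udp", "ip": "ip"}

def classify(ace):
    """Return the set of REQUIRED items a single permit ACE covers (empty if none)."""
    tokens = ace.strip().lower().split()
    if tokens[:1] == ["access-list"]:      # numbered form: access-list 101 permit ...
        tokens = tokens[2:]
    if len(tokens) < 2 or tokens[0] != "permit":
        return set()                        # deny entries and remarks cover nothing
    proto = PROTO.get(tokens[1])
    if proto == "ip":
        return set(REQUIRED)                # 'permit ip' is broader than needed but covers all
    if proto == "udp":
        # The port may match on source or destination; IOS names port 500 'isakmp'.
        if re.search(r"\beq (500|isakmp)\b", " ".join(tokens)):
            return {"isakmp (udp/500)"}
        return set()
    return {proto} if proto else set()

def missing_ipsec_entries(acl_lines):
    """List the required IPsec entries absent from the ACL (entry order is not evaluated)."""
    covered = set().union(*(classify(line) for line in acl_lines))
    return sorted(REQUIRED - covered)

# Constructed sample: an inbound ACL that permits IKE and ESP but forgot AH.
SAMPLE_ACL = [
    "access-list 101 permit udp host 192.0.2.10 host 198.51.100.20 eq isakmp",
    "access-list 101 permit esp host 192.0.2.10 host 198.51.100.20",
    "access-list 101 permit tcp any any established",
    "access-list 101 deny ip any any log",
]

if __name__ == "__main__":
    print("missing:", missing_ipsec_entries(SAMPLE_ACL) or "none")
```

The check only looks for the presence of permit entries; a deny placed earlier in the ACL would still block the traffic, so review entry order by hand.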