New Member

Problems with VPNs What ports/protocols to leave open.

I have a few different networks using different Cisco routers. In most instances I have ACLs in addition to CBACs on 2524 and 2621 routers with the FW IOS 12.05(T). I have yet to find a single document that lists what ports/protocols you need to have open to successfully initiate AND receive VPN connections through the FW IOS. Any suggestions?

4 REPLIES
New Member

Re: Problems with VPNs What ports/protocols to leave open.

New Member

Re: Problems with VPNs What ports/protocols to leave open.

Thanks for the reply but I didn't see anything in that link about VPN traffic.

New Member

Re: Problems with VPNs What ports/protocols to leave open.

You should enable ESP for IPsec and UDP port 500 for ISAKMP in your ACL. Hope this helps.

New Member

Re: Problems with VPNs What ports/protocols to leave open.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113t/113t_3/ipsec.htm

"Ensure Access Lists Are Compatible with IPSec

IKE uses UDP port 500. The IPSec ESP and AH protocols use protocol numbers 50 and 51. Ensure that your access lists are configured so that protocol 50, 51, and UDP port 500 traffic is not blocked at interfaces used by IPSec. In some cases you might need to add a statement to your access lists to explicitly permit this traffic."
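Putting the quoted guidance into an inbound ACL on an IOS Firewall router, as an added example that is not from the thread or the Cisco document: peer and local addresses (198.51.100.2, 203.0.113.1), the protected subnets, and the ACL/inspect/crypto map names are all placeholders.

```cisco
! Inbound ACL on the outside interface. Only what IPsec itself needs
! from the remote VPN peer is permitted; everything else is denied.
ip access-list extended OUTSIDE_IN
 remark IKE / ISAKMP negotiation: UDP port 500 (keyword isakmp)
 permit udp host 198.51.100.2 host 203.0.113.1 eq isakmp
 remark IPsec data: ESP is IP protocol 50, AH is IP protocol 51
 permit esp host 198.51.100.2 host 203.0.113.1
 permit ahp host 198.51.100.2 host 203.0.113.1
 remark On this IOS release the decrypted inner packets are checked
 remark against this same inbound ACL, so the tunnel traffic must be
 remark permitted here too (remote LAN -> local LAN, placeholder subnets)
 permit ip 10.2.0.0 0.0.255.255 10.1.0.0 0.0.255.255
 remark CBAC inserts temporary entries for return traffic of
 remark inspected outbound sessions; all other inbound traffic is dropped
 deny ip any any log
!
interface Serial0
 ip access-group OUTSIDE_IN in
 ip inspect FW_RULES out
 crypto map VPNMAP
```

After bringing the tunnel up, `show access-lists` should show hit counts on the isakmp and esp/ahp lines, and `show crypto isakmp sa` should list the peer in an established state; hits on the final deny line pointing at the peer address indicate a protocol that is still being blocked.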
