Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Required Ports?

I have following Ports required but when I enabled NAT-T on client side (I think server is ON by default)

It can't connect(no prompt for username) just hangs and time out.

protocol 50 and 51

udp 500

udp 4500

do I need more?

Again, It connects fine with NAT-T disabled, and no go with NAT-T enabled.

  • Other Security Subjects
5 REPLIES

Re: Required Ports?

Hi dae,

"I think server is ON by default"

I assume you are trying to establish VPN connection to a Cisco device correct? Then you should issue the following command to enable NAT-T on device

crypto isakmp nat-traversal 20

Regards

New Member

Re: Required Ports?

sorry, I meant to ask what are the required ports.

do I need any other ports other than what I've said in the first post?

thanks

Re: Required Ports?

4500 and 500 are enough for NAT-T over UDP. For NAT-T over TCP, you also need TCP port 10000

New Member

Re: Required Ports?

on PIX ADSM setting it doesn't differenciate UDP or TCP NAT-T.

which one am I enabled?

Re: Required Ports?

dae,

I cant remember the exact screen in ASDM, but to enable it, you type the following in CLI

cyrpto isakmp nat-traversal 20

This enables NAT-T and it uses UDP by default. To use TCP, you need the following command

isakmp ipsec-over-tcp port 10000

445
Views
0
Helpful
5
Replies