
Required Ports?

dkim777oig
Level 1

I have the following ports required, but when I enabled NAT-T on the client side (I think server is ON by default)

it can't connect (no prompt for username), just hangs and times out.

protocol 50 and 51

udp 500

udp 4500

Do I need more?

Again, it connects fine with NAT-T disabled, and no go with NAT-T enabled.

5 Replies

husycisco
Level 7

Hi dae,

"I think server is ON by default"

I assume you are trying to establish a VPN connection to a Cisco device, correct? Then you should issue the following command to enable NAT-T on the device:

crypto isakmp nat-traversal 20

Regards

Sorry, I meant to ask what the required ports are.

Do I need any other ports other than what I've said in the first post?

Thanks

4500 and 500 are enough for NAT-T over UDP. For NAT-T over TCP, you also need TCP port 10000.

On the PIX ASDM setting, it doesn't differentiate UDP or TCP NAT-T.

Which one have I enabled?

dae,

I can't remember the exact screen in ASDM, but to enable it, you type the following in the CLI:

crypto isakmp nat-traversal 20

This enables NAT-T and it uses UDP by default. To use TCP, you need the following command

isakmp ipsec-over-tcp port 10000
