Cisco Support Community

New Member

site to site vpn help

I'm trying to build a site-to-site VPN using two 5520s. The two ASAs are sitting behind edge Cisco routers. To allow the ASAs to have a site-to-site VPN, what ports do I have to allow on the router to pass VPN traffic? I have to allow the remote FW IP to connect to the local FW IP. Ports 50, 51 and 500?

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: site to site vpn help

Yes.

4 REPLIES

Re: site to site vpn help

Yes, you got them all: IP ports 50 and 51 and UDP port 500. Also leave the ICMP ports open between the IPs for Path MTU Discovery.

Please rate if this helped.

Regards,

Daniel

Green

Re: site to site vpn help

Careful not to get mixed up by ports 50 and 51 and IP protocols 50 and 51. You need IP protocol 50 (ESP) and UDP port 500.

New Member

Re: site to site vpn help

So, I need an access list set up on the router to allow UDP port 500 and IP protocol 50.

Did I get this right?

Thanks.

Green

Re: site to site vpn help

Yes.
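
The port-versus-protocol distinction from this thread, written out as an edge-router ACL. This is an added example, not configuration posted by any participant; the addresses (documentation ranges), the ACL name `OUTSIDE-IN` and the interface name are placeholders, and it assumes no NAT device sits between the two ASAs.

```cisco
! Added example; addresses, ACL name and interface are placeholders.
! 192.0.2.1    = remote ASA (constructed, documentation range)
! 198.51.100.1 = local ASA  (constructed, documentation range)
!
! Mistaken form: these lines match TCP/UDP *port* 50, not ESP. Used in
! place of "permit esp", IKE still completes on UDP 500 but the
! encrypted data packets are dropped.
!   permit udp host 192.0.2.1 host 198.51.100.1 eq 50
!   permit tcp host 192.0.2.1 host 198.51.100.1 eq 50
!
ip access-list extended OUTSIDE-IN
 remark IKE (ISAKMP) negotiation, UDP port 500
 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
 remark ESP is IP protocol 50; it has no port number
 permit esp host 192.0.2.1 host 198.51.100.1
 remark AH is IP protocol 51; uncomment only if the transform set uses AH
 ! permit ahp host 192.0.2.1 host 198.51.100.1
 remark Path MTU Discovery: fragmentation-needed messages come from
 remark whichever router on the path has the smaller MTU, so source is any
 permit icmp any host 198.51.100.1 packet-too-big
!
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN in
```

An extended ACL ends with an implicit deny, so these entries belong inside the router's existing inbound ACL rather than replacing it.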
