Cisco Support Community
New Member

VPN and ISP

I am trying to connect to a VPN 3000 concentrator through my ISP. I want to use the Cisco client and IPSEC. The ISP router is doing address translation. The ISP tells me that they have opened the ports on the router to allow the VPN connection. When I try to connect I get a message that says the VPN protocol is not supported by the remote host, which I assume to be the ISP router. What protocols and/or ports need to be open for this to work? Ultimately I want to establish a LAN-to-LAN connection, so are there any other protocols/ports that would need to be open for that?

4 REPLIES
New Member

Re: VPN and ISP

Standard IPSEC needs UDP port 500 (ISAKMP), protocol 50 (ESP), and protocol 51 (AH) for LAN-to-LAN IPSEC tunnels and normal VPN client connections.

If you are using the Cisco Unity VPN client, it supports the "IPSEC over UDP" and "IPSEC over TCP" features as well.

For IPSEC over UDP, it needs UDP 500 and UDP 10000 (default).

For IPSEC over TCP, it needs TCP 10000 (default, can be changed to anything).

If you are doing both client and LAN-to-LAN IPSEC tunnels, please ask them to open all of the above ports and protocols, depending on which IPSEC policy you are using.

Best Regards,

New Member

Re: VPN and ISP

thanks

New Member

Re: VPN and ISP

I have Comcast cable customers that are unable to establish their tunnels. I suspect this is because Comcast is blocking UDP 10000. I tried using TCP 1450 and set it on both the client and the concentrator. But I am not sure if I set it right. How do I tell?

New Member

Re: VPN and ISP

The key point is whether the concentrator end is working fine or not.

If you have enabled TCP 1450, you should be able to telnet to that port from the internet; although you will be allowed to type in any command, at least you can verify that port 1450 is open at the concentrator end.

At the client end, normally it should allow all TCP traffic to go out.

When you try the VPN out, start your sniffer trace; you might see all the details of the source and destination TCP ports (not the encrypted traffic, of course).

Best Regards,
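A scripted version of the telnet check described in the reply above, added here as an example and not part of the original thread. It separates "nothing is listening on the concentrator" from "something on the path is dropping the traffic"; the function names `probe_tcp` and `diagnose` are hypothetical, and the host is whatever public address your concentrator uses. It only covers IPSEC over TCP: UDP 500, UDP 10000 and ESP cannot be confirmed with a connect test.

```python
import errno
import socket


def probe_tcp(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' or 'filtered'.

    open     - handshake completed: a listener answered (the telnet test passes)
    closed   - a reset came back: the path is clear but nothing listens there
    filtered - no answer before the timeout, or an unreachable error:
               a device on the path (ISP router, firewall) is dropping the SYN
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # A filtering router may answer with ICMP unreachable instead of silence.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise  # DNS failures and other local errors are not a port state


def diagnose(host, ports, timeout=3.0):
    """Probe several TCP ports on one host and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


if __name__ == "__main__":
    import sys

    # Pass the concentrator's public address as the first argument.
    # 1450 is the custom port from the thread, 10000 the IPSEC-over-TCP default.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in diagnose(host, [1450, 10000]).items():
        print(f"{host} tcp/{port}: {state}")
```

Run it from outside the concentrator's network: "closed" points at the concentrator configuration, while "filtered" points at the ISP or another device in between.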
