Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

What are these on external VPN service.

Hi guys,

I have a PIX that consists of a inside and outside network(Internet). The problem arise when my inside users need to establish VPN to a VPN server on the Internet. The external VPN gateway shouldnt establish a gateway2gateway VPN with my PIX or router. Its just a client2gateway scenario. The client will be using a netscreen VPN client on their computers. Can you guys advise me on how to accomplish this? What configuration should I write to my PIX? Open any ports on source and destination? Im using ASDM to configre my PIX. Thanks in advance...

New Member

Re: What are these on external VPN service.


you need to open UDP 4500, UDP 500 , IP 50,51 for getting the IPSEC to work. Are you using any ACL's on the inside of the PIX ? please enable this and let us know.



New Member

Re: What are these on external VPN service.

Hi Raj,

Open port for IP 50 & 51? Do you mean TCP instead? Btw, these UDP and TCP ports should open on source(Inside) port or destination(Outside) side? Is that all I need to open? Any other ports that I need to open on my Inside or Outside network? I came across a remark that mentioned something about opening GRE port too? Is there a need? If yes, any idea what port number is that GRE protocol should I activate and again, open as source or destination?

Btw, I have ACL on my PIX that states that users on the inside network can only access services like http, https, ftp and telnet on the outside destination.

Please advise and thanks for you reply.