Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

What ports to open for VPN client though firewall?

I have a user who users the VPN client (4.8) inside anther companies network, what ports need to be opened to allow this to work?

  • Other Security Subjects
6 REPLIES
Gold

Re: What ports to open for VPN client though firewall?

UDP 500 for ISAKMP

and UDP 4500 for NAT traversal

M.

New Member

Re: What ports to open for VPN client though firewall?

If I get the company to open these each way then he should be ok to connect to our company via his VPN client?

Re: What ports to open for VPN client though firewall?

maybe add TCP 10,000 too.

Then yes, it should be ok, it would use NAT-Traversal.

Hall of Fame Super Silver

Re: What ports to open for VPN client though firewall?

In addition to the UDP ports being opened which are used for ISAKMP negotiation, it would also be necessary to be sure that the firewall permitted ESP for the IPSec encrypted packets.

HTH

Rick

New Member

Re: What ports to open for VPN client though firewall?

Can you specify whether these are incoming ports or outgoing ports (or both) that should be opened?

Hall of Fame Super Silver

Re: What ports to open for VPN client though firewall?

Jim

These protocols need to function in both directions. But the specific ports that were mentioned need to be opened as destination ports inbound. They need to be open as source ports outbound but usually outbound traffic is not heavily filtered so it is usually not much of an issue.

ESP (and sometimes AH) protocols need to be open inbound and outbound (and do not have port numbers to configure).

HTH

Rick

780
Views
0
Helpful
6
Replies