Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

XP/2000 setup with Cisco VPN 3.5.4 through a client firewall.

Hello

I have several remote sites using either XP or Win2000. Each site has a firewall router setup. They will be connection to a PIX506. What ports do I need to open in the clients firewall so that the Cisco VPN can connect to my main site? I will be using Client Acess Express through the VPN. What ports if any does Client Acess need open. All suggestions Welcome.

Thank You

3 REPLIES
Cisco Employee

Re: XP/2000 setup with Cisco VPN 3.5.4 through a client firewall

For the ipsec tunnel to go through a firewall you need to allow the following:

udp port 500 (isakmp)

esp or ah protocols depending on which one you are using

hope this helps,

-Nairi

New Member

Re: XP/2000 setup with Cisco VPN 3.5.4 through a client firewall

I have all ready opened port 500. I have a VPN connection but can not ping any device on the other side. Which I can do If I am not going through a firewall.

Thanks

Wayne

New Member

Re: XP/2000 setup with Cisco VPN 3.5.4 through a client firewall

The previous post was entirely correct in that you need to have port 500 open for IKE/ISAKMP exchange. Recommend that you also open protocols 50 and 51 for ESP and AH. Having opened these protocols and ports, you'll need to configure your 506 to allow the incoming sessions only the access they require.

112
Views
4
Helpful
3
Replies
CreatePlease to create content