VPN client from behind a corporate firewall

gordinho01
Level 1

Hi, sorry if this has been covered before. I need to provide VPN client access to a Cisco PIX 501 (6.3.5). The remote users will be behind a non-Cisco firewall (not that it should matter, I guess). What port should the remote network's sysadmin open on his firewall to allow the VPN client out? I've read UDP port 500; can anyone confirm this?

Cheers in advance

3 Replies

kamal-learn
Level 4

Hi,

I don't think you will need to open any particular ports, since the client will initiate the VPN from inside the network behind that firewall, and I think that firewall will automatically set up a stateful database to allow the traffic coming back. But if it's not a stateful firewall, I think you need to open ISAKMP port 500 and ESP port 50, and if you use AH, open 51 as well. If you are using NAT/PAT, I think you will need to use ESP with TCP or UDP, and by default that also uses port 10000 unless modified by the admin from the client software.

HTH

Do rate if it does help.
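The flows named in the reply above can be checked against an outbound rule set before the VPN client is rolled out. The following is an added example, not part of the original thread: the rule syntax, the first-match and implicit-deny behaviour, and the sample policy are constructed assumptions, and ESP and AH are modelled as IP protocol numbers 50 and 51, which carry no port. Destination addresses are not modelled.

```python
from dataclasses import dataclass
from typing import Optional

# Flows named in the thread. ESP and AH are IP protocols (50 and 51), so they
# have no port; the other entries are UDP/TCP destination ports.
VPN_FLOWS = {
    "IKE/ISAKMP": ("udp", 500),
    "ESP": ("esp", None),
    "AH": ("ah", None),
    "IPsec over UDP": ("udp", 10000),
    "IPsec over TCP": ("tcp", 10000),
}

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "esp", "ah" or "ip" (any)
    dport: Optional[int] = None  # None means any destination port

def parse_rule(line: str) -> Rule:
    """Parse 'permit udp 500' or 'deny ip' (hypothetical syntax, no vendor's)."""
    parts = line.split()
    if len(parts) not in (2, 3) or parts[0] not in ("permit", "deny"):
        raise ValueError(f"bad rule: {line!r}")
    return Rule(parts[0], parts[1], int(parts[2]) if len(parts) == 3 else None)

def allowed(rules, proto, dport) -> bool:
    """First matching rule wins; traffic matching no rule is denied."""
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action == "permit"
    return False

def audit(rule_lines):
    """Return {flow name: True if the outbound policy lets it through}."""
    rules = [parse_rule(line) for line in rule_lines]
    return {name: allowed(rules, p, d) for name, (p, d) in VPN_FLOWS.items()}

# Constructed sample: a locked-down outbound policy for internal clients.
SAMPLE_EGRESS = ["permit tcp 80", "permit tcp 443", "permit udp 53",
                 "permit udp 500", "permit tcp 10000", "deny ip"]

if __name__ == "__main__":
    for flow, ok in audit(SAMPLE_EGRESS).items():
        print(f"{flow:16} {'allowed' if ok else 'BLOCKED'}")
```

With the sample policy, IKE on UDP 500 gets out but native ESP does not, so the tunnel would only pass data over the TCP 10000 encapsulation.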

Cheers for the pointer, Kamal. The sysadmin at the other end has a massively locked-down outbound rule set for internal clients. I've asked him about ISAKMP UDP 500 and TCP 10000. Hopefully he will help out :)

G

PS: this was my first post on here, how do I rate replies?

D'oh! Ignore that PS. I think the "rate this reply" hyperlink was what I was looking for...

/must pay more attention
