Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN IP ports problems with ISP

I have multiple clients using the Cisco VPN client to connect to a PIX 515. Everything was working fine until one of the ISP's that a couple clients use made a change that will not let them connect anymore. They claim to only be blocking UDP & TCP ports 135 - 139. I'm looking for documentation to prove to them that they are blocking something else. Can anyone point me to the documentation regarding the ports the VPN client uses to connect with regards to TCP & UDP.

Thanks in advance.

  • Security Management
Cisco Employee

Re: VPN IP ports problems with ISP

Not sure on any documentation, but the client will use the following:

UDP/500 - ISAKMP, tunnel establishment

IP/50 - ESP, encrypted data

and if any sort of NAT transparency or encapsulation is used, then:

UDP/10000 - Default if UDP encapsulation is used, but can be changed to anything.

TCP/10000 - Default if TCP encapsulation is used, but can be changed to anything.

UDP/4500 - If NAT-T is negotiated, this is automatic and can't be changed.

This widget could not be displayed.