New Member

VPN PORTS TO OPEN OUTBOUND

Hello,

I have a task to open VPN ports outbound only. Please help me with how to configure the firewall to access VPN. I want to open VPN ports only; where will I apply the ports in the firewall?

thank you and best regards

Edwin

3 REPLIES
Cisco Employee

Re: VPN PORTS TO OPEN OUTBOUND

I understand that you mean IPsec VPN? And not ANY kind of VPN?

Here's a list.

udp/500 - IKE

udp/4500 - IKE NAT-T

ESP

AH

(On top of that, IPsec over TCP can use a variety of ports ... usually tcp/10000)

New Member

Re: VPN PORTS TO OPEN OUTBOUND

Thank you for the reply. I am not so good with VPN. An application for remote access VPN as configured in the firewall, I'm not sure if it is IPsec VPN. I will try to open these two ports. Anyway, please, what is the equivalent port number of ESP and AH?

thank you and best regards,

Edwin

Cisco Employee

Re: VPN PORTS TO OPEN OUTBOUND

Edwin,

ESP and AH are IP protocols.

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

numbers 50 and 51.

Cisco ACLs (both ASA and IOS) allow you to do access-list XYZ permit esp h A h B (same for AH, and it does not require "host", it can be whole subnet).

Marcin
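
The list from this thread written out as an outbound-only ACL, as an added example that is not part of any reply above. It uses Cisco ASA syntax; the ACL name VPN-OUT, the inside subnet 10.1.1.0/24, the VPN peer 203.0.113.10 and the interface name "inside" are assumed placeholders.

```cisco
! Constructed example, Cisco ASA syntax. VPN-OUT, 10.1.1.0/24, 203.0.113.10
! and the interface name "inside" are placeholders, not values from the thread.
!
! IKE
access-list VPN-OUT extended permit udp 10.1.1.0 255.255.255.0 host 203.0.113.10 eq 500
! IKE NAT-T
access-list VPN-OUT extended permit udp 10.1.1.0 255.255.255.0 host 203.0.113.10 eq 4500
! ESP, IP protocol 50
access-list VPN-OUT extended permit esp 10.1.1.0 255.255.255.0 host 203.0.113.10
! AH, IP protocol 51, written by number
access-list VPN-OUT extended permit 51 10.1.1.0 255.255.255.0 host 203.0.113.10
! IPsec over TCP, only if the client is set up to use it (usual port per the thread)
access-list VPN-OUT extended permit tcp 10.1.1.0 255.255.255.0 host 203.0.113.10 eq 10000
! Anything else from the inside subnet is dropped by the implicit deny;
! the explicit line adds logging of what was dropped.
access-list VPN-OUT extended deny ip any any log
!
! Outbound traffic enters the firewall on the inside interface,
! so the ACL is bound there in the inbound direction.
access-group VPN-OUT in interface inside
```

The ESP and AH lines carry no `eq` because they are IP protocols and have no port numbers. Scoping the destination to the VPN peer instead of `any` keeps these permits from opening the same protocols to every external host.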