Cisco Support Community
New Member

Which ports to open in PIX for outgoing Cisco VPN client connections?

I have Cisco VPN clients behind the PIX and I want them to connect to a VPN 3005 which is behind another PIX. Can anybody tell me which ports I have to open on both the PIX firewalls?

4 REPLIES
New Member

Re: Which ports to open in PIX for outgoing Cisco VPN client con

Hi,

You have to permit esp and isakmp on the PIX. For example:

access-list acl-out permit esp host 99.99.99.2 host 99.99.99.12

access-list acl-out permit udp host 99.99.99.2 host 99.99.99.12 eq isakmp

For more information you can check this example:

http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_configuration_example09186a008009486e.shtml

Hope this helps.

New Member

Re: Which ports to open in PIX for outgoing Cisco VPN client con

It depends on how you have deployed your VPN Remote Access users.

By default, if you enable IPSec-over-TCP or IPSec-over-UDP, then port 10000 is used for both; these methods are Cisco proprietary and the port can be changed.

If you use NAT-T (NAT Traversal), the standards-based implementation, then it uses UDP-4500.

Either way, the operation of the VPN depends on:

1) Whether these services have been enabled on the VPN Concentrator

2) Enabling the relevant transport settings on the VPN Client connection Properties.

Regarding the PIX in front of the VPNC3005, you will need to allow the above ports inbound to your VPNC3005 public interface.

Locally, it depends on whether you filter outbound connections through your PIX. If you don't, then the PIX will allow the connection for the VPN Client attempting to access the remote VPNC3005.

Gold

Re: Which ports to open in PIX for outgoing Cisco VPN client con

1. esp

2. udp 50

3. udp 4500

New Member

Re: Which ports to open in PIX for outgoing Cisco VPN client con

Thanks for your reply. Do I need to open port 500 also for IPsec?
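
As an added example (not posted by any participant in this thread), the following Python sketch audits a PIX ACL against the client transports discussed in the replies above and reports which entries are still missing for each. It assumes host-to-host `permit` lines in the form shown in the first reply, the default port 10000 for the Cisco-proprietary transports, and that IKE (`isakmp`, UDP 500) is still needed for every transport except IPsec over TCP; the function names and the extra NAT-T line in the sample are constructed for illustration.

```python
import re

# Only the port name used in the thread is mapped; "isakmp" is UDP 500.
PORT_NAMES = {"isakmp": 500}

# Entries each transport needs, as (protocol, destination port or None).
# ESP is IP protocol 50 and has no ports. Port 10000 is the default quoted
# in the thread and can be changed on the concentrator (assumption: default).
REQUIRED = {
    "native IPsec":   {("udp", 500), ("esp", None)},
    "NAT-T":          {("udp", 500), ("udp", 4500)},
    "IPsec over UDP": {("udp", 500), ("udp", 10000)},
    "IPsec over TCP": {("tcp", 10000)},
}

ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+permit\s+(?P<proto>\S+)\s+"
    r"host\s+(?P<src>\S+)\s+host\s+(?P<dst>\S+)(?:\s+eq\s+(?P<port>\S+))?\s*$")

def parse_permits(config, acl, src, dst):
    """Return the set of (proto, port) pairs the ACL permits from src to dst."""
    permits = set()
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m["name"] != acl or (m["src"], m["dst"]) != (src, dst):
            continue
        proto = "esp" if m["proto"] in ("esp", "50") else m["proto"]
        port = PORT_NAMES.get(m["port"], m["port"])
        if isinstance(port, str) and port.isdigit():
            port = int(port)
        permits.add((proto, port))
    return permits

def missing_by_transport(config, acl, src, dst):
    """Map each transport to the entries the ACL lacks (empty set = usable)."""
    have = parse_permits(config, acl, src, dst)
    return {name: need - have for name, need in REQUIRED.items()}

# Constructed sample: the two lines from the first reply plus one NAT-T entry.
SAMPLE = """\
access-list acl-out permit esp host 99.99.99.2 host 99.99.99.12
access-list acl-out permit udp host 99.99.99.2 host 99.99.99.12 eq isakmp
access-list acl-out permit udp host 99.99.99.2 host 99.99.99.12 eq 4500
"""

if __name__ == "__main__":
    result = missing_by_transport(SAMPLE, "acl-out", "99.99.99.2", "99.99.99.12")
    for transport, gap in result.items():
        print(transport, "OK" if not gap else f"missing {sorted(gap, key=str)}")
```

Broader entries such as `permit ip` or network/mask sources are not parsed, so run it only against ACLs written in the host-to-host style above.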
