Computer Security - Ports for Clientless VPN on Cisco VPN 3000 Series
#1
Which ports should I open on the firewall allowing "Site to Site" and "Client to Site" IP Sec VPNs as well as Clientless VPNs?

By the way, can this Cisco VPN be placed in the DMZ or behind the firewall on the internal network?

Any info/pointers are much appreciated.

Thanks,
Doug Fox
#2
Doug Fox wrote:
> Which ports should I open on the firewall allowing "Site to Site" and
> "Client to Site" IP Sec VPNs as well as Clientless VPNs?
>
> By the way, can this Cisco VPN be placed in the DMZ or behind the firewall
> on the internal network?
>
> Any info/pointers are much appreciated.
>
> Thanks,

What configuration are you using? Are you doing NAT Traversal (NAT-T)? Are you using ESP or AH?

If you are using VPN for clients I would suggest using NAT-T... The reason is that a lot of home users use NAT/PAT which can cause problems for ESP. Which is why NAT-T was invented....

I have not used clientless VPN with Cisco yet. Usually, but not always, they use the secure web port 443...

I hope that helps. Please reply back with your specific configuration requirements...

Imhotep
#3
Imhotep wrote:
> Doug Fox wrote:
>
>> Which ports should I open on the firewall allowing "Site to Site" and
>> "Client to Site" IP Sec VPNs as well as Clientless VPNs?
>>
>> By the way, can this Cisco VPN be placed in the DMZ or behind the
>> firewall on the internal network?
>>
>> Any info/pointers are much appreciated.
>>
>> Thanks,
>
> What configuration are you using? Are you doing NAT Traversal (NAT-T)?
> Are you using ESP or AH?
>
> If you are using VPN for clients I would suggest using NAT-T... The reason
> is that a lot of home users use NAT/PAT which can cause problems for ESP.
> Which is why NAT-T was invented....
>
> I have not used clientless VPN with Cisco yet. Usually, but not always,
> they use the secure web port 443...
>
> I hope that helps. Please reply back with your specific configuration
> requirements...
>
> Imhotep

Ah, I almost forgot. VPN (non NAT-T) uses either ESP or AH. These ARE NOT TCP/UDP ports but IP protocol numbers:

ESP: IP protocol type 50
AH: IP protocol type 51

Either choice will use ISAKMP on UDP port 500.

NAT-T is different; let me know if you are using it and I will explain it as I understand it... Basically it encapsulates either ESP or AH packets and sends them over a UDP port (most people use UDP 10000).

Imhotep
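To turn the protocol and port list in the post above into something a firewall admin can check, here is an added Python example (not from the thread or from Cisco): it classifies netfilter-style log lines by IPsec component (ESP = IP protocol 50, AH = IP protocol 51, ISAKMP = UDP 500, NAT-T = the UDP port named in the post) and reports which IPsec flows a firewall in front of the concentrator is still dropping. The log lines, the ACTION= field and the addresses are constructed for the example.

```python
import re

ESP, AH, UDP = 50, 51, 17       # IP protocol numbers, not TCP/UDP ports
ISAKMP_PORT = 500               # IKE/ISAKMP runs over UDP 500
DEFAULT_NAT_T_PORT = 10000      # UDP port named in the post (RFC 3948 NAT-T uses 4500)
PROTO_NAMES = {"ESP": ESP, "AH": AH, "UDP": UDP, "TCP": 6, "ICMP": 1}
_KV = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value fields of a netfilter-style log line

def classify(proto, dport, nat_t_port=DEFAULT_NAT_T_PORT):
    """Name the IPsec component a packet belongs to, or None if it is not IPsec."""
    if proto == ESP:
        return "ESP"
    if proto == AH:
        return "AH"
    if proto == UDP and dport == ISAKMP_PORT:
        return "ISAKMP"
    if proto == UDP and dport == nat_t_port:
        return "NAT-T"
    return None

def required_rules(payload="ESP", nat_t=False, nat_t_port=DEFAULT_NAT_T_PORT):
    """IKE always, plus the raw IP protocol (50/51) or, with NAT-T, only its UDP carrier."""
    carrier = ("udp", nat_t_port) if nat_t else ("ip-proto", {"ESP": ESP, "AH": AH}[payload])
    return [("udp", ISAKMP_PORT), carrier]

def parse_log_line(line):
    """Pull action, source, protocol number and destination port out of one log line."""
    kv = dict(_KV.findall(line))
    proto, dpt = kv.get("PROTO", ""), kv.get("DPT", "")
    return {"action": kv.get("ACTION"), "src": kv.get("SRC"),
            "proto": int(proto) if proto.isdigit() else PROTO_NAMES.get(proto, -1),
            "dport": int(dpt) if dpt.isdigit() else None}

def dropped_ipsec(log_lines, nat_t_port=DEFAULT_NAT_T_PORT):
    """(component, source) for each dropped IPsec packet: flows the firewall still blocks."""
    hits = []
    for rec in map(parse_log_line, log_lines):
        component = classify(rec["proto"], rec["dport"], nat_t_port)
        if rec["action"] == "DROP" and component:
            hits.append((component, rec["src"]))
    return hits

# Constructed sample lines; ACTION= stands in for the log prefix an admin configures.
SAMPLE_LOG = [
    "ACTION=DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=UDP SPT=500 DPT=500",
    "ACTION=DROP IN=eth0 SRC=203.0.113.5 DST=198.51.100.10 PROTO=ESP SPI=0x1a2b3c4d",
    "ACTION=ACCEPT IN=eth0 SRC=203.0.113.9 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=443",
    "ACTION=DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=UDP SPT=10000 DPT=10000",
    "ACTION=DROP IN=eth0 SRC=203.0.113.8 DST=198.51.100.10 PROTO=TCP SPT=40000 DPT=22",
]
```

`required_rules("AH", nat_t=True)` shows the point of the post: with NAT-T the firewall no longer needs to pass protocol 50 or 51 at all, only UDP 500 and the encapsulation port.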