PIX/Cisco VPN/Ports Issue

Discussion in 'Cisco' started by YKP, Oct 28, 2003.

  1. YKP

    YKP Guest

    Hello everyone,

    At my work place, we have Cisco PIX 515E(6.3.2) that provides VPN
    connectivity to the remote staff using Cisco VPN software v4.0.2(D).
    However, some of the staff reported to us that they couldn't use the Cisco VPN
    software because of the agency's firewall. But at home or at other agencies,
    other staff can connect to our VPN without a problem.

    We asked the agency's tech guys to help us out by opening the following
    ports.

    IP protocol 50(ESP)
    IP protocol 51(AHP)
    UDP 500(ISAKMP)
    UDP 4500
    VPN address: xxx.xxx.xxx.xxx

    but, it still didn't work.

    We know that the PIX 515 doesn't support TCP/10000 for encapsulation. And we
    believe that it only supports UDP/4500 for it. We also noticed that the VPN
    software is using 62xxx ports. But the Cisco site said that those 62xxx ports
    are for internal purposes only, not for the remote VPN connection.

    I want to ask any expert: what are we missing?
    Thank you for your help,

    Young.

    P.S. Please remove nospam at my e-mail.
    YKP, Oct 28, 2003
    #1

  2. In article <Xns9421CCAAC497Etallguycomcastnet@216.196.97.136>,
    YKP <> wrote:
    :At my work place, we have Cisco PIX 515E(6.3.2)

    6.3(2) was withdrawn because of a bad software problem. You
    should upgrade to 6.3(3).

    [But it's probably not the same problem that you are encountering.]

    :IP protocol 50(ESP)
    :IP protocol 51(AHP)
    :UDP 500(ISAKMP)
    :UDP 4500
    :VPN address: xxx.xxx.xxx.xxx

    :but, it still didn't work.

    Have you configured isakmp nat-traversal? You need that if they
    are doing NAT and you want it to fall over to UDP 4500.

    Have you tried configuring without AH in your transform?
    --
    Look out, there are llamas!
    Walter Roberson, Oct 28, 2003
    #2
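
Added example, not part of the original thread: one way to check from a packet capture whether a client actually fell over to UDP 4500, by classifying UDP payloads using the NAT-T encapsulation rules of RFC 3948. The function names are hypothetical and the sample payloads are constructed, not taken from a real capture.

```python
import struct
from collections import Counter

IKE_PORT, NATT_PORT = 500, 4500
IKE_HEADER_LEN = 28  # fixed ISAKMP header: cookies, type fields, message ID, length

def looks_like_ike(data: bytes) -> bool:
    """Plausibility check on an ISAKMP header: major version 1 or 2, sane length."""
    if len(data) < IKE_HEADER_LEN:
        return False
    major_version = data[17] >> 4
    (length,) = struct.unpack("!I", data[24:28])
    return major_version in (1, 2) and length >= IKE_HEADER_LEN

def classify(port: int, payload: bytes) -> str:
    """Label one UDP payload by the VPN-side port it was sent to or from."""
    if port == IKE_PORT:
        return "ike" if looks_like_ike(payload) else "unknown"
    if port != NATT_PORT:
        return "unknown"
    if payload == b"\xff":
        return "nat-keepalive"          # one-byte keepalive that holds the NAT mapping open
    if payload[:4] == bytes(4):         # non-ESP marker: IKE floated to UDP 4500
        return "ike-natt" if looks_like_ike(payload[4:]) else "unknown"
    if len(payload) >= 8:               # non-zero SPI + sequence number: ESP inside UDP
        return "esp-in-udp"
    return "unknown"

def summarize(packets) -> Counter:
    """Count payload classes over an iterable of (port, payload) pairs."""
    return Counter(classify(port, payload) for port, payload in packets)

def natt_in_use(counts: Counter) -> bool:
    """True once IKE or ESP has been seen on UDP 4500."""
    return counts["ike-natt"] + counts["esp-in-udp"] > 0

# Constructed sample payloads (not taken from a real capture).
IKE = struct.pack("!8s8sBBBBII", b"\x11" * 8, bytes(8), 1, 0x10, 4, 0, 0, 28)
ESP = struct.pack("!II", 0x12345678, 1) + bytes(16)
PORT500_ONLY = [(500, IKE), (500, IKE)]   # negotiation never leaves UDP 500
FLOATED = [(500, IKE), (4500, bytes(4) + IKE), (4500, ESP), (4500, b"\xff")]

if __name__ == "__main__":
    for name, capture in (("port500_only", PORT500_ONLY), ("floated", FLOATED)):
        counts = summarize(capture)
        print(name, dict(counts), "NAT-T in use:", natt_in_use(counts))
```

A capture that shows only the `ike` class and never `ike-natt` or `esp-in-udp` means the session did not move to UDP 4500, which is the situation the `isakmp nat-traversal` question above is probing.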
