I am about to install a 3000 series concentrator and move the VPN groups that are currently on our PIX to the new box. I have had to have the network group at one of our larger clients open up the required set of ports which we use with our current implementation. They have stated, with backup from their Cisco rep, that this should not be required if we were on the latest revision of the VPN. I assume from this that I will be able to set this up so that the client can use the "Use IPSec over TCP" option. Where can I find exactly what ports need to be available for this new version to work? What we currently need is listed below:

IP Protocol ID 50 - Encapsulating Security Protocol (ESP)
IP Protocol ID 51 - Authentication Header (AH)
UDP Port 500 - ISAKMP

I note that none of the messages that I have viewed on this site seem to indicate that the newer connection method is the magic bullet that my customer seems to be convinced that it is.