Today I was setting up a VPN server and had to figure out what ports and protocols to enable on our Cisco PIX 515E firewall. Here they are:
PPTP:
To allow PPTP tunnel maintenance traffic, open TCP 1723.
To allow PPTP tunneled data to pass through the router, open Protocol ID 47 (GRE).
L2TP over IPSec:
To allow Internet Key Exchange (IKE), open UDP 500.
To allow IPSec NAT Traversal (NAT-T), open UDP 4500.
To allow L2TP traffic, open UDP 1701.
Here’s the Cisco access list: (gre=Protocol ID 47, pptp=1723, isakmp=500)
access-list OUTSIDE permit gre any host OUTSIDEIP
access-list OUTSIDE permit tcp any host OUTSIDEIP eq pptp
access-list OUTSIDE permit udp any host OUTSIDEIP eq 1701
access-list OUTSIDE permit udp any host OUTSIDEIP eq 4500
access-list OUTSIDE permit udp any host OUTSIDEIP eq isakmp
(edited to update UDP port 5500 to 4500 as noted in the comments)
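As an added check that is not part of the original post, the following Python script parses PIX-style access-list lines like the ones above and reports which of the PPTP and L2TP/IPSec openings listed in the post are still missing. The access-list name OUTSIDE and the host OUTSIDEIP are taken from the post; the required-rule table is built from the ports and protocol IDs listed above, plus ESP (IP protocol 50) for the IPSec-tunneled data, which the comments below point out. The `esp` protocol keyword in the rendered line is assumed to be accepted by the PIX the same way `gre` is.

```python
import re

# Required openings per VPN type, as (ip_protocol, destination_port_or_None).
# Ports and protocol IDs come from the post; ESP (IP protocol 50) is added for
# L2TP/IPSec because the tunneled data travels inside ESP, not UDP 1701.
REQUIRED = {
    "pptp": {("tcp", 1723), ("gre", None)},
    "l2tp-ipsec": {("udp", 500), ("udp", 4500), ("udp", 1701), ("esp", None)},
}

# Service names the PIX accepts in place of numeric ports (the post uses
# "pptp" and "isakmp"), and numeric protocol IDs mapped to their keyword.
PORT_NAMES = {"pptp": 1723, "isakmp": 500}
PROTO_IDS = {"47": "gre", "50": "esp", "6": "tcp", "17": "udp"}

# Matches lines of the shape used in the post:
#   access-list NAME permit PROTO any host DST [eq PORT]
ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+permit\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host\s+\S+)\s+host\s+(?P<dst>\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)

# The access list as given in the post (copied here as sample input).
PAGE_ACL = """
access-list OUTSIDE permit gre any host OUTSIDEIP
access-list OUTSIDE permit tcp any host OUTSIDEIP eq pptp
access-list OUTSIDE permit udp any host OUTSIDEIP eq 1701
access-list OUTSIDE permit udp any host OUTSIDEIP eq 4500
access-list OUTSIDE permit udp any host OUTSIDEIP eq isakmp
"""


def parse_acl(text):
    """Return the set of (proto, port) tuples permitted by the access-list lines."""
    allowed = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        m = ACL_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised access-list line: {line}")
        proto = PROTO_IDS.get(m.group("proto"), m.group("proto")).lower()
        port = m.group("port")
        if port is not None:
            if port.isdigit():
                port = int(port)
            elif port.lower() in PORT_NAMES:
                port = PORT_NAMES[port.lower()]
            else:
                raise ValueError(f"unknown service name in line: {line}")
        allowed.add((proto, port))
    return allowed


def missing_rules(text, vpn_types):
    """List the (proto, port) openings required for vpn_types that text lacks."""
    allowed = parse_acl(text)
    missing = set()
    for vpn in vpn_types:
        missing |= REQUIRED[vpn] - allowed
    return sorted(missing, key=str)


def render_rule(proto, port, acl_name="OUTSIDE", dst="OUTSIDEIP"):
    """Render one missing opening as a PIX access-list line."""
    line = f"access-list {acl_name} permit {proto} any host {dst}"
    if port is not None:
        line += f" eq {port}"
    return line


if __name__ == "__main__":
    for proto, port in missing_rules(PAGE_ACL, ["pptp", "l2tp-ipsec"]):
        print("missing:", render_rule(proto, port))
```

Run against the post's own list, the script reports a single missing line for ESP; an L2TP-over-IPSec client will complete IKE on UDP 500/4500 but then fail to pass traffic if ESP is blocked.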
Steven, correct me if I am wrong, but I believe NAT-T is port UDP 4500 NOT UDP 5500.
I want to connect to the PPTP port.
How can I connect in SLES 10 SP1?
Thanks! Needed these in a jiffy!
Thanks, I needed the L2TP ports, you saved me some time.
I was trying to set this up at home but the packet filter kept saying protocol 17 was trying to connect outbound???
You also need to open protocol ID 50 if you’re using IPSec, to make L2TP work fine.
PPTP is not very secure, use at your own risk.