{"id":37,"date":"2005-12-07T10:59:17","date_gmt":"2005-12-07T16:59:17","guid":{"rendered":"http:\/\/www.steveneppler.com\/blog\/2005\/12\/07\/37"},"modified":"2007-10-17T10:26:41","modified_gmt":"2007-10-17T17:26:41","slug":"pptp-and-l2tp-ports","status":"publish","type":"post","link":"https:\/\/steveneppler.com\/blog\/2005\/12\/07\/pptp-and-l2tp-ports","title":{"rendered":"PPTP and L2TP Ports"},"content":{"rendered":"<p>Today I was setting up a VPN server and had to figure out what ports and protocols to enable on our Cisco PIX 515E firewall.  Here they are:<\/p>\n<p>PPTP:<br \/>\nTo allow PPTP tunnel maintenance traffic, open TCP 1723.<br \/>\nTo allow PPTP tunneled data to pass through the router, open Protocol ID 47.<\/p>\n<p>L2TP over IPSec<br \/>\nTo allow Internet Key Exchange (IKE), open UDP 500.<br \/>\nTo allow IPSec Network Address Translation (NAT-T), open UDP 4500.<br \/>\nTo allow L2TP traffic, open UDP 1701.<\/p>\n<p>Here&#8217;s the Cisco access list: (gre=Protocol ID 47, pptp=1723, isakmp=500)<br \/>\n<code><br \/>\naccess-list OUTSIDE permit gre any host OUTSIDEIP<br \/>\naccess-list OUTSIDE permit tcp any host OUTSIDEIP eq pptp<br \/>\naccess-list OUTSIDE permit udp any host OUTSIDEIP eq 1701<br \/>\naccess-list OUTSIDE permit udp any host OUTSIDEIP eq 4500<br \/>\naccess-list OUTSIDE permit udp any host OUTSIDEIP eq isakmp<br \/>\n<\/code><\/p>\n<p>(edited to update UDP port 5500 to 4500 as noted in the comments)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today I was setting up a VPN server and had to figure out what ports and protocols to enable on our Cisco PIX 515E firewall. Here they are: PPTP: To allow PPTP tunnel maintenance traffic, open TCP 1723. To allow PPTP tunneled data to pass through the router, open Protocol ID 47. 
L2TP over IPSec To &#8230; <a title=\"PPTP and L2TP Ports\" class=\"read-more\" href=\"https:\/\/steveneppler.com\/blog\/2005\/12\/07\/pptp-and-l2tp-ports\" aria-label=\"Read more about PPTP and L2TP Ports\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,4],"tags":[],"class_list":["post-37","post","type-post","status-publish","format-standard","hentry","category-cisco","category-on-the-job"],"_links":{"self":[{"href":"https:\/\/steveneppler.com\/blog\/wp-json\/wp\/v2\/posts\/37","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/steveneppler.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/steveneppler.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/steveneppler.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/steveneppler.com\/blog\/wp-json\/wp\/v2\/comments?post=37"}],"version-history":[{"count":0,"href":"https:\/\/steveneppler.com\/blog\/wp-json\/wp\/v2\/posts\/37\/revisions"}],"wp:attachment":[{"href":"https:\/\/steveneppler.com\/blog\/wp-json\/wp\/v2\/media?parent=37"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/steveneppler.com\/blog\/wp-json\/wp\/v2\/categories?post=37"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/steveneppler.com\/blog\/wp-json\/wp\/v2\/tags?post=37"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}