Today I was setting up a VPN server and had to figure out what ports and protocols to enable on our Cisco PIX 515E firewall. Here they are:
PPTP:
To allow PPTP tunnel maintenance traffic, open TCP 1723.
To allow PPTP tunneled data to pass through the router, open Protocol ID 47 (GRE).
L2TP over IPSec:
To allow Internet Key Exchange (IKE), open UDP 500.
To allow IPSec NAT Traversal (NAT-T), open UDP 4500.
To allow L2TP traffic, open UDP 1701.
Here’s the Cisco access list (PIX keywords: gre = Protocol ID 47, pptp = TCP 1723, isakmp = UDP 500):
access-list OUTSIDE permit gre any host OUTSIDEIP
access-list OUTSIDE permit tcp any host OUTSIDEIP eq pptp
access-list OUTSIDE permit udp any host OUTSIDEIP eq 1701
access-list OUTSIDE permit udp any host OUTSIDEIP eq 4500
access-list OUTSIDE permit udp any host OUTSIDEIP eq isakmp
(edited to update UDP port 5500 to 4500 as noted in the comments)
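As an added check that is not part of the original post, here is a small Python script that parses PIX-style access-list lines like the ones above and reports which of the PPTP and L2TP/IPSec flows listed earlier are not permitted. The function names, the REQUIRED table and the sample access-list (which deliberately reproduces the UDP 5500 typo the comments caught) are all constructed for this example.

```python
import re

# Inbound flows each VPN type needs (from the post): (protocol, port); port is None
# for rules that match an IP protocol such as GRE rather than a TCP/UDP port.
REQUIRED = {
    "PPTP": [("gre", None), ("tcp", 1723)],
    "L2TP/IPsec": [("udp", 500), ("udp", 4500), ("udp", 1701)],
}

# Cisco service keywords that may appear after "eq" in a PIX access-list.
SERVICE_PORTS = {"pptp": 1723, "isakmp": 500, "l2tp": 1701}

ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+permit\s+(?P<proto>\w+)\s+"
    r"(?P<src>any|host\s+\S+)\s+(?P<dst>any|host\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?\s*$"
)


def parse_acl(text):
    """Turn access-list lines into (proto, port) tuples; unknown lines raise ValueError."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        m = ACL_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised access-list line: {line}")
        port = m.group("port")
        if port is not None:
            port = int(SERVICE_PORTS.get(port.lower(), port))  # keyword or number
        rules.append((m.group("proto").lower(), port))
    return rules


def missing_rules(acl_text, vpn_type):
    """Return the required (proto, port) flows that the access-list does not permit."""
    present = set(parse_acl(acl_text))
    return [flow for flow in REQUIRED[vpn_type] if flow not in present]


# Constructed sample: the post's list with the UDP 5500 mistake from the comments.
SAMPLE_ACL = """\
access-list OUTSIDE permit gre any host OUTSIDEIP
access-list OUTSIDE permit tcp any host OUTSIDEIP eq pptp
access-list OUTSIDE permit udp any host OUTSIDEIP eq 1701
access-list OUTSIDE permit udp any host OUTSIDEIP eq 5500
access-list OUTSIDE permit udp any host OUTSIDEIP eq isakmp
"""

if __name__ == "__main__":
    for vpn in REQUIRED:
        print(vpn, "missing:", missing_rules(SAMPLE_ACL, vpn))
```

Running it against the sample prints that PPTP is fully covered while L2TP/IPsec is missing UDP 4500, which is exactly the fix applied to the list above.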
June 29th, 2006 at 6:51 am
Steven, correct me if I am wrong, but I believe NAT-T is port UDP 4500 NOT UDP 5500.
April 11th, 2008 at 7:35 am
I want to connect to the PPTP port.
How can I connect in SLES 10 SP1?
April 23rd, 2010 at 5:17 pm
Thanks! Needed these in a jiffy!
March 30th, 2011 at 11:15 am
Thanks, I needed the L2TP ports, you saved me some time.
August 15th, 2011 at 12:37 am
I was trying to set this up at home but the packet filter kept saying protocol 17 was trying to connect outbound???