I just configured some access lists and I am not sure what ports to enable to allow VPN connections through Windows 2000 RAS VPN. Can you tell me what ports and protocols I should enable? A sample extended access list would be great.
A basic configuration for allowing VPNs through (this is specific to IPSec VPNs, I'm not exactly sure what ports Win2000 VPNs use, you'll have to either look it up, or sniff the path to see what ports/protocols are being used.)
ip access-list extended VPN-ACCESS
permit udp x.x.x.x y.y.y.y x.x.x.x y.y.y.y eq 500
permit 50 x.x.x.x y.y.y.y x.x.x.x y.y.y.y
permit 51 x.x.x.x y.y.y.y x.x.x.x y.y.y.y
deny ip any any log
You'll have to allow this both inbound and outbound. It's best to specify the specific hosts you are connecting via VPNs with the x.x.x.x y.y.y.y (via a host x.x.x.x), but if you have more than one VPN, at least try and get it down to the subnet (i.e. do not do a 'permit udp any any eq 500').
Like I said, those protocols (50 and 51) and ports (UDP 500) are specific to IPSec VPNs; they may or may not be the same for Win2k VPNs. But you definitely need both protocols and ports, since VPNs operate on different protocols (other than IP, hence the 'permit 50 ...').
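The scoping advice in the answer above, as an added example that is not part of the original posts: a small Python check that flags IKE (UDP 500), ESP (50) or AH (51) permits written as any-to-any, and a missing final 'deny ip any any log'. The function names and the sample ACL (documentation addresses) are constructed for illustration, and only 'eq'-style port matches on UDP 500 are recognised as IKE.

```python
# Added example: audit a Cisco-style extended ACL for unscoped IPsec permits.
VPN_PROTOS = {"50", "51", "esp", "ahp"}   # ESP and AH, by number or IOS keyword
IKE_PORTS = {"500", "isakmp"}             # UDP 500, by number or IOS keyword

def parse_endpoint(tokens):
    """Consume 'any', 'host ADDR' or 'ADDR WILDCARD'; return (scope, rest)."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return "host", tokens[2:]
    # A wildcard of 255.255.255.255 matches every address, same as 'any'.
    return ("any" if tokens[1] == "255.255.255.255" else "subnet"), tokens[2:]

def skip_port(tokens):
    """Consume an optional port match; return (ports, rest)."""
    if tokens and tokens[0] in ("eq", "gt", "lt", "neq"):
        return tokens[1:2], tokens[2:]
    if tokens and tokens[0] == "range":
        return tokens[1:3], tokens[3:]
    return [], tokens

def audit_acl(text):
    """Return findings for the permit/deny entries of one extended ACL."""
    entries = [t for t in (line.split() for line in text.splitlines())
               if t and t[0] in ("permit", "deny")]
    findings = []
    for t in entries:
        src, rest = parse_endpoint(t[2:])
        _, rest = skip_port(rest)            # optional source port
        dst, rest = parse_endpoint(rest)
        dports, _ = skip_port(rest)          # optional destination port
        is_ike = t[1] == "udp" and bool(IKE_PORTS & set(dports))
        if t[0] == "permit" and (is_ike or t[1] in VPN_PROTOS) and src == dst == "any":
            findings.append("unscoped VPN permit: " + " ".join(t))
    last = entries[-1] if entries else []
    if last[:4] != ["deny", "ip", "any", "any"] or "log" not in last:
        findings.append("no final 'deny ip any any log'")
    return findings

# Constructed sample using documentation address ranges.
SAMPLE_ACL = """ip access-list extended VPN-ACCESS
 permit udp any any eq 500
 permit 50 host 192.0.2.10 198.51.100.0 0.0.0.255
 permit ahp any any
 deny ip any any
"""

if __name__ == "__main__":
    for finding in audit_acl(SAMPLE_ACL):
        print(finding)
```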