[c-nsp] VPN blocked from access list
Nate Carlson
natecars at real-time.com
Mon Aug 23 23:02:52 EDT 2004
On Mon, 23 Aug 2004, Luan Nguyen wrote:
> the lazy way out would be just enable IPSEC, L2TP and PPTP :)
>
> IPSEC uses udp port 500 for ISAKMP and ESP = protocol 50 might as well allow
> AH = protocol 51
Don't forget 4500/udp, that's the standards-compliant port for UDP
encapsulation, used for NAT Traversal. Many VPN clients (including XP's
IPSec stack if it's patched manually or with SP2) now use this if the
server supports it.
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-nat-t-ike-08.txt
--
Nate Carlson <natecars at real-time.com> | Phone : (952)943-8700
http://www.real-time.com | Fax : (952)943-8500
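The four rules the thread settles on, written out as a Cisco IOS extended access list. This is an added example by the editor, not configuration from either poster; the ACL name VPN-IN, the interface and the server address 192.0.2.10 are placeholders, and the list is written for inbound traffic toward the VPN endpoint only (the IOS keywords isakmp, non500-isakmp, esp and ahp correspond to UDP/500, UDP/4500, IP protocol 50 and IP protocol 51).

```text
! Placeholder VPN endpoint: 192.0.2.10 (replace with the real server address)
ip access-list extended VPN-IN
 remark ISAKMP/IKE negotiation, UDP port 500
 permit udp any host 192.0.2.10 eq isakmp
 remark NAT-Traversal: IKE and ESP encapsulated in UDP port 4500
 permit udp any host 192.0.2.10 eq non500-isakmp
 remark ESP, IP protocol 50 (the tunnelled data itself)
 permit esp any host 192.0.2.10
 remark AH, IP protocol 51 (only needed if AH is actually in use)
 permit ahp any host 192.0.2.10
 remark ... existing permits for the rest of the interface follow ...
 deny ip any any log
!
interface FastEthernet0/0
 ip access-group VPN-IN in
```

Without the non500-isakmp line, a client behind a NAT device will complete nothing past the initial IKE exchange, because everything after the NAT-T detection moves to UDP/4500; the trailing deny with log makes that kind of silent drop visible in the syslog when troubleshooting a "VPN blocked" report.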