
I've a Cisco ASA 5510 in transparent mode, and I'm going to set up an IPsec VPN (Openswan) on an internal Linux server (with a public IP). This server has 2 NICs, 1 public IP, and 1 internal IP.

I've opened ports 500 and 4500 in the Cisco firewall; however, the VPN still doesn't work.

Do I need to change any setting in the Cisco firewall?

Thanks!

user3114168

1 Answer


UDP port 500 is only used for the initial handshake. If you're running IPsec in transport mode, the actual secured traffic is ESP-encapsulated. So you will also need to let all ESP-encapsulated packets through. This is not TCP or UDP traffic, but a different protocol on top of IP.

Dennis Kaarsemaker
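What the answer describes, as an added example that is not from the question or the answer: an ASA inbound access list that permits the IKE handshake ports plus ESP itself. The server address 203.0.113.10, the ACL name OUTSIDE_IN and the interface name outside are assumed placeholders.

```cisco
! Added example (not from the original post). 203.0.113.10 is a constructed
! placeholder for the Openswan server's public IP; OUTSIDE_IN and outside are
! assumed names. Adjust to match your own configuration.
!
access-list OUTSIDE_IN remark IKE handshake (UDP 500) and NAT-T (UDP 4500)
access-list OUTSIDE_IN extended permit udp any host 203.0.113.10 eq isakmp
access-list OUTSIDE_IN extended permit udp any host 203.0.113.10 eq 4500
!
access-list OUTSIDE_IN remark ESP is IP protocol 50, not a TCP/UDP port.
access-list OUTSIDE_IN remark Without this line IKE completes but no encrypted traffic passes.
access-list OUTSIDE_IN extended permit esp any host 203.0.113.10
!
! Apply the list inbound on the outside interface
access-group OUTSIDE_IN in interface outside
!
! Verify: the hit count on the esp entry should rise once a peer sends traffic
show access-list OUTSIDE_IN
```

If the ASA also sits between NAT and the server, peers will arrive on UDP 4500 (ESP wrapped in UDP) and the esp entry will show no hits; that is expected in the NAT-T case.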