I'm trying to create a policy to allow specific workstations to connect through a Cisco VPN client to one of our partner businesses. The client is:
Cisco Systems VPN Client Version 4.8.01.0300
It is using "Enable Transparent Tunneling" by "IPSec over UDP ( NAT / PAT )"
My problem is determining exactly which UDP ports this uses. Based on info from our partner site, I've attempted the following UDP ports to no avail:
However, if I set the policy to allow ALL UDP ports (1-65535) then the connection is successful.
Is there an easy way of discovering which ports are actually being used?
I figured it out the old-fashioned way: by narrowing down the Application from All UDP Ports bit by bit until I isolated the needed ports.
Turns out that I needed UDP 500 and UDP 4500.
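The two ports found above are the standard IPsec control and NAT-traversal ports: UDP 500 carries IKE/ISAKMP, and UDP 4500 carries NAT-T (IKE behind a four-byte non-ESP marker, ESP-in-UDP data, and one-byte keepalives, per RFC 3948). The script below is an added example, not code from the original thread or from Cisco; it shows how to recognise that traffic from a packet's destination port and payload rather than by trial and error. The sample packets are constructed inline, and the `_ike_message` helper and its SPI values are assumptions for illustration.

```python
import struct

IKE_PORT = 500        # ISAKMP / IKE
NATT_PORT = 4500      # NAT-Traversal: IKE with non-ESP marker, ESP-in-UDP, keepalives
ISAKMP_HDR_LEN = 28
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # RFC 3948 marker that distinguishes IKE from ESP on 4500


def parse_isakmp_header(data):
    """Return (major_version, exchange_type, length) if data starts with a plausible
    ISAKMP header, else None.
    Header layout: iSPI(8) rSPI(8) next_payload(1) version(1) exchange(1) flags(1) msgid(4) length(4)."""
    if len(data) < ISAKMP_HDR_LEN:
        return None
    ispi, _rspi, _nxt, ver, xchg, _flags, _msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:ISAKMP_HDR_LEN])
    major = ver >> 4
    if major not in (1, 2):            # IKEv1 is 1.0, IKEv2 is 2.0
        return None
    if ispi == b"\x00" * 8:            # initiator SPI is never zero
        return None
    if length < ISAKMP_HDR_LEN or length > len(data):   # length covers the whole message
        return None
    return major, xchg, length


def classify_udp(dport, payload):
    """Classify a UDP datagram by destination port and payload shape."""
    if dport == IKE_PORT:
        return "ike" if parse_isakmp_header(payload) else "unknown"
    if dport == NATT_PORT:
        if payload == b"\xff":                       # NAT keepalive, a single 0xFF byte
            return "nat-keepalive"
        if payload.startswith(NON_ESP_MARKER):       # IKE moved to 4500 after NAT detection
            return "ike-natt" if parse_isakmp_header(payload[4:]) else "unknown"
        if len(payload) >= 8:                        # non-zero ESP SPI(4) + sequence number(4)
            return "esp-udp"
        return "unknown"
    return "unknown"


def required_ports(packets):
    """Given (dport, payload) pairs seen from a workstation, return the UDP ports that
    carried recognised IKE/IPsec traffic, i.e. the minimal allow list."""
    return {dport for dport, payload in packets if classify_udp(dport, payload) != "unknown"}


def _ike_message(major=1, exchange=2, body=b"\x00" * 12):
    """Build a minimal ISAKMP message (assumed SPI values, for illustration only)."""
    length = ISAKMP_HDR_LEN + len(body)
    hdr = struct.pack("!8s8sBBBBII",
                      b"\x11\x22\x33\x44\x55\x66\x77\x88",   # initiator SPI (non-zero)
                      b"\x00" * 8,                           # responder SPI (zero in first message)
                      1, major << 4, exchange, 0, 0, length)
    return hdr + body


# Constructed sample traffic, as a NAT-T negotiation would look on the wire.
SAMPLE_PACKETS = [
    (500, _ike_message()),                                      # IKEv1 Main Mode on UDP 500
    (4500, NON_ESP_MARKER + _ike_message()),                    # IKE continued on 4500 behind NAT
    (4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\xaa" * 32),   # ESP-in-UDP data packet
    (4500, b"\xff"),                                            # NAT keepalive
    (10000, b"\x00" * 40),                                      # unrelated traffic, not recognised
]

if __name__ == "__main__":
    for dport, payload in SAMPLE_PACKETS:
        print(dport, classify_udp(dport, payload))
    print("ports to allow:", sorted(required_ports(SAMPLE_PACKETS)))
```

Run against a capture taken while the client connects, the same classifier turns the "allow all UDP and narrow down" procedure into a direct read of which ports the negotiation actually touched.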
Sorry about not responding earlier, it appears that you are good to go.
I just wanted to mention that the audit viewing would be good in this situation as well. You could see what port(s) the firewall was blocking.
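As an added example of the audit-log approach suggested above (not code from the thread or from any firewall vendor), the script below parses drop entries for one workstation and lists the destination protocol/port pairs the firewall blocked, which are exactly the candidates for the allow rule. The log lines are constructed, and their `action=... proto=... src=... dst=...` layout is an assumed format; adapt the regular expression to the audit viewer's real export.

```python
import re
from collections import defaultdict

# Constructed sample of firewall audit entries in an assumed key=value layout.
SAMPLE_LOG = """\
2010-03-01T09:12:01 action=drop proto=udp src=192.0.2.10:500 dst=198.51.100.7:500
2010-03-01T09:12:03 action=drop proto=udp src=192.0.2.10:500 dst=198.51.100.7:500
2010-03-01T09:12:09 action=drop proto=udp src=192.0.2.10:4500 dst=198.51.100.7:4500
2010-03-01T09:12:30 action=allow proto=tcp src=192.0.2.10:51234 dst=198.51.100.7:443
2010-03-01T09:13:02 action=drop proto=udp src=192.0.2.11:53 dst=203.0.113.5:53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)$")


def parse_line(line):
    """Parse one audit line into a dict; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def blocked_flows(log_text, src_host):
    """Count dropped flows originating from src_host, keyed by (proto, dst, dport)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "drop" and rec["src"] == src_host:
            counts[(rec["proto"], rec["dst"], rec["dport"])] += 1
    return dict(counts)


def suggest_rules(log_text, src_host, dst_host):
    """Return 'proto/port' strings the firewall dropped between the two hosts, sorted
    by protocol then port; these are the entries an allow rule would need."""
    flows = blocked_flows(log_text, src_host)
    pairs = sorted({(proto, dport) for (proto, dst, dport) in flows if dst == dst_host})
    return [f"{proto}/{dport}" for proto, dport in pairs]


if __name__ == "__main__":
    for key, n in sorted(blocked_flows(SAMPLE_LOG, "192.0.2.10").items()):
        print(key, "dropped", n, "times")
    print("suggested allow rule:", suggest_rules(SAMPLE_LOG, "192.0.2.10", "198.51.100.7"))
```

Filtering on the workstation's source address and the partner's destination address keeps unrelated drops (the DNS entry from 192.0.2.11 above) out of the suggestion, so the rule stays as narrow as the 500/4500 pair found by hand.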