TCP and UDP Ports used for the Cisco VPN Client

Home

TCP and UDP Ports used for the Cisco VPN Client

NetCraftsmen Staff Blogs

Our blog space holds articles on a variety of technical topics.

TCP and UDP Ports used for the Cisco VPN Client

Posted by: Rob Chee on Jan 23, 2009

Tagged in: VPN , UDP Ports , TCP Ports , PAT , NAT Traversal , Cisco VPN Client

The Cisco VPN client is the client side application used to encrypt traffic from an end user's computer to the company network. IPSec is used to encrypt the traffic. When using standard IPSec, IKE is used for the key negotiation and IPSec to encrypt the data. IKE uses UDP port 500 and IPSec uses IP protocol 50, assuming ESP is used.

In most situations, there is a PAT device between the VPN client and the head end VPN device. PAT works by differentiating users by the UDP or TCP port used. Since IPSec uses IP protocol 50, it is impossible for more than one user to connect to the VPN device, through the PAT. This is because the IP protocol operates at layer 3 of the OSI reference model and PAT functionality exists at layer 4. For this reason, there are three different methods of tunneling IPSec traffic. It is important to understand the ports used for the different methods to ensure that those ports are not blocked.

NAT Traversal - This method still uses 500/udp for IKE negotiation, but then tunnels IPSec data traffic within 4500/udp packets. This is the default method for UDP tunneling with the Cisco VPN client
IPSec over UDP - This method still uses 500/udp for IKE negotiation, but then tunnels IPSec data traffic within a pre-defined UDP port. The default port for this traffic is 10000/udp.
IPSec over TCP - This method tunnels both the IKE negotiation and IPSec data traffic within a pre-defined TCP port. The default port for this traffic is 10000/tcp. This is the only method that tunnels both IKE and IPSec within the same stream.

Posted by Rob Chee

Comments (0) Add Comment

Add Comment

Subscribe to this comment's feed

Write comment

Blog Categories

Resources

Blog Contributors

Tags

10 Gbps Ethernet 3G 7z 802.11 802.11 basics 802.11 course 802.11 project management 802.11 Traffic Flows 802.11 Wireless LAN 802.11n AAA About Chesapeake NetCraftsmen Accounting Acrobits Acrobits Softphone AD Group Membership AD SSO Advanced Settings Tool alias anti-spoofing filters anti-virus anyconnect AnyConnect VPN AP vendor API Apple Apple iPhone ASA AT&T Attacks Attendant Console Audit AXL Background Images Backup bandwidth BDP BFD BGP BGP neighbor soft-reconfiguration BGP redistribution BGP Route Reflector Design BGP Soft Reset biomedical NAC bit error rate Bluetooth BNAC Boolean Expressions botnets bug business case C-MUG Call Globalization Call Optimization Call Queuing CallManager CallManager Express case study Catalyst 4500 Catalyst 6500 CCA CCDE CCDE practical CCDE written CCDE written practice CCIE CCIE Written CEF Certification CFUR Chesapeake NetCraftsmen CIPTUG Cisco Cisco 6500 Cisco 7200 Cisco Call Manager Cisco CallManager Cisco Design Zone Cisco Express Forwarding Cisco Live Cisco MPLS Cisco NAC Profiler Cisco Networkers Cisco Phone Designer Cisco router Cisco switch Cisco TFTP Cisco Unified Presence Cisco VPN Client Cisco WebEx CiscoLive class of restriction CLI clinical data clinical life critical clinical network cloud computing CM co-channel interference COBRAS Communications Manager compliance configuration management configuration policy Contact Center Contact Center Express converged network copSSH Corporate Directory CRS CRS authenticate user CRS Scripts CSA MC CUCM CUCM CLI CUCM troubleshooting CUCME CUPS customer mpls vpn customer mpls wan cygwin data center data center consolidation data center design data center infrastructure data center interconnect data center migration data center switches data center virtualization David Hailey DCB DCI debug debugging design device configuration device discovery device groups device modeling devicelistx diagnostic tools diagnostics dial plan Directory Synchronization DirSync DNS SRV dual carrier MPLS VPN dual carrier MPLS WAN dual data center Dual WAN routing Dynagen Dynamips EIGRP email email security enterprise mpls vpn Enterprise MPLS WAN EoL2TPv3 EoMPLS ESX server NIC teaming etherchannel etherchannel mismatch Ethernet over MPLS event analysis event logs Exchange Exchange 2003 Exchange 2007 Exchange 2010 Expect Export extended VLAN failure domains Fast Rerouting FDCC fiber cuts fiber farm file transfer FIPS 140 Firefox firewall firmware upgrade full mesh fusion fusion router gotchas H.323 Hairpin Hairpin calls health care network design health care QoS healthcare network high availability iBGP IGP IIS Resource impact of packet loss Import Infrastructure Integrated Messaging interface groups IOS IOS 12.4 IOS SSL ip multicast IP Phone Services IP Teleconferencing IP VideoConferencing IPCCX iPhone iPhone SIP Clients IPS IPv6 IPv6 addressing IPv6 addressing plan IPv6 Summit ISAKMP Java JRE jumbo L2 MPLS VPN L2 over L3 Lab large VLAN Layer 2 Layer 2 over Layer 3 Layer 2 Switching Layer 2 tunnel Layer 3 OOB layer 3 switching LDAP load balancer load balancing local preference Local Route Groups logparser mac address flapping malware MARS Mathis equation Mathis formula medical grade network Meet The Expert Meeting Center Message Store Configuration Wizard MGCP Microsoft Microsoft Office Communications Server Microsoft Unified Communications Migrating to Unity Connection Migration moving server virtually between zones MPLS MPLS QoS mpls routing MPLS VPN MPLS VPN customer routing MPLS VPN WAN MPLS WAN MSS MTTR Multi-VRF multicast multicast best practices multicast in a vrf multicast vrf lite Music On Hold MWI N2K N5K NAC NAC API NAC Appliance NAC design NAC roles NAC Server NAT NAT Traversal NCCM NCM net-snmp NetCraftsmen NetCraftsmen recruiting netflow NetMRI NetMRI trial Network Address Translation network analysis Network Compliance Manager network discovery network health network hygiene network management network monitoring network outages network virtualization Networkers Nexus Nexus 2000 Nexus 5000 Nexus 7000 NMS Non Stop Forwarding Non-Stop Forwarding NPIV NPV NSF NX-OS OMB openSSH optimal routing OSI layer OTV Out-of-band Outlook Overlay Transport Virtualization P2V packet captures packet loss PAT Patching PCA PCI PCI audit performance routing PERL netflow interpreter PERL script Personal Communications Assistant PfR Phone Customization physical to virtual conversion PIN security ping-pong PIX podcast port-based EoMPLS port-channel port-security sticky pre-site survey prefix-list Presence presentation PRI Testing problem management prompt management protocol analysis pseudo-wire pseudowire PWE Q.SIG QoS Qos for softphone QoS for videoconferencing QoS in 6500 QoS policy for voice QoS with VSL quality of service radio considerations radio frequency redistribution redundancy REGEX REGEX practice regular expression Replication Restore Return Receipt RF RisPort ROI route reflectors router Routing convergence routing loop RSS feeds RTT rural fiber network SAN virtualization script Security security patches server configuration server etherchannel server virtualization SFTP shared services show ip cache flow SIP SIP Clients for iPhone SIP VoIP Phone for iPhone SLA slow slow application behavior smime snmp SNMP ifIndex snmp polling snmp traps SOAP spanning tree Spanning Tree loop SQL SRST SSL SSL Certificate SSL VPN SSO standard network architecture standardization Stateful Switchover static routes Sup720-10G syslog TAC TCL TCP TCP performance TCP Ports TCP throughput Telecom Telecom Reseller test Testing throughput tools top of rack topology trace trojan troubleshooting Troubleshooting 802.11 TRP Trunk Testing Trusted Relay Point TTL exceeded UC UC 7x UC on UCS UC Operations UC500 UC520 UCCX UCCX Scripts UDP Ports UM unified access Unified Communcations Unified Communications Unified Messaging Unity Unity Conection Unity Connection Unity troubleshooting Upgrade Using 10G ports Sup720 Using XML UTIM VDC virtual desktop virtual machine Virtual Network Overlay virtual pod Virtual Switch Link virtualization vlan vlan-based EoMPLS VMWare VMware products VMware vSphere 4.0 glossary vmworld VNO Voice Voice Messaging voicecon Voicemail Voicemail Relay VoIP VoIP Metrics VoIP over 3G voip troubleshooting VPC VPN VRF VRF into GRE vrf lite VRF-Lite VSL vSphere VSS WAN WAP vendor web logging WebEx WebEx Meeting Center WebEx Meeting Center for iPhone WeePhone weight WiFi WiFi Basics WiFi channels WiFi course WiFi vendors WinPCAP wireless wireless course wireless LAN wireless project management Wireless Project Plan Wireless Project Planning wireless requirement gathering WLAN WLAN course WLAN project management WLAN Traffic Flows WSUS X-Lite xconnect zeus

Copyright © 2010 Chesapeake NetCraftsmen. Designed by Montano Designs