How to allow Cisco VPN client pass-through with Symantec firewall

Article: TECH81024  |  Created: 2003-01-31  |  Updated: 2006-01-06
Article Type: Technical Solution

You need instructions for passing connections from the Cisco VPN client through your security gateway.


The Cisco VPN client uses port 10000/TCP to pass encrypted TCP traffic. To allow this traffic through your Symantec security gateway, you must create a rule that permits the TCP traffic to pass through the firewall.

Note: Cisco VPN client software version 4.05 and later may use port 4500.

To create a rule for the firewall to pass Cisco VPN client traffic on port 10000/TCP:
  1. Connect to your firewall with the Symantec Raptor Management Console.
  2. In the left pane, expand Base Components and right-click Protocols.
  3. Choose New > Protocol to create a new protocol.
  4. On the General tab, type the following:
    Name: Encrypted_TCP
    Description: Encrypted TCP for Cisco VPN Client
    Base Protocol: TCP
  5. Check the "Display in Rule Window" box.
  6. On the TCP/UDP Port Ranges tab, type the following:
    Destination Port Range: 10000-10000
    Source Port Range: 1024-65535
  7. Click OK.
  8. Create a new rule with the appropriate source, destination, and interfaces. In the Services tab, add Encrypted_TCP to Included Services.
  9. Click Save and Reconfigure.

Cisco VPN client traffic now passes through your gateway.
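
To confirm the rule from a host on the client side of the gateway, the following added example (not part of the original article or of any Symantec or Cisco tooling) attempts one TCP handshake to the VPN endpoint and classifies the result. The function names `probe_passthrough` and `source_port_in_rule` are hypothetical, and the endpoint address is one you supply.

```python
import socket
import sys

VPN_TCP_PORT = 10000             # port from the article (Encrypted_TCP)
RULE_SRC_PORTS = (1024, 65535)   # Source Port Range entered in step 6


def source_port_in_rule(port):
    """True if a client source port falls inside the rule's source range."""
    low, high = RULE_SRC_PORTS
    return low <= port <= high


def probe_passthrough(host, port=VPN_TCP_PORT, timeout=5.0):
    """Attempt one TCP handshake and classify the outcome.

    Returns (state, source_port):
      "open"     handshake completed, so the traffic passed the gateway
      "refused"  a reset came back: something on the path rejected the
                 connection, or nothing listens on that port
      "filtered" no answer before the timeout, which is what a silent drop
                 at a firewall looks like (a powered-off host looks the same)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return "open", sock.getsockname()[1]
    except ConnectionRefusedError:
        return "refused", None
    except socket.timeout:
        return "filtered", None


if __name__ == "__main__":
    # Usage: python probe.py <vpn-endpoint-address> [port]
    target = sys.argv[1]
    dport = int(sys.argv[2]) if len(sys.argv) > 2 else VPN_TCP_PORT
    state, sport = probe_passthrough(target, dport)
    print(f"{target}:{dport}/TCP is {state}")
    if sport is not None and not source_port_in_rule(sport):
        print(f"source port {sport} is outside {RULE_SRC_PORTS}; the rule would not match")
```

Run it before and after Save and Reconfigure: a result that changes from filtered to open indicates the new rule is what passes the traffic.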
