How to allow Cisco VPN client pass-through with Symantec firewall
Article: TECH81024 | Created: 2003-01-31 | Updated: 2006-01-06 | Article URL: http://www.symantec.com/docs/TECH81024
You need instructions for passing connections from the Cisco VPN client through your security gateway.
The Cisco VPN client uses port 10000/TCP to pass encrypted TCP traffic. To use this port on your Symantec security gateway, you must create a rule that allows this TCP traffic to pass through the firewall.
Note: Cisco VPN client software version 4.05 and later may use port 4500.
To create a rule for the firewall to pass Cisco VPN client traffic on port 10000/TCP:
- Connect to your firewall with the Symantec Raptor Management Console.
- In the left pane, expand Base Components and right-click Protocols.
- Choose New > Protocol to create a new protocol.
- On the General tab, type the following:
  Description: Encrypted TCP for Cisco VPN Client
  Base Protocol: TCP
- Check the "Display in Rule Window" box.
- On the TCP/UDP Port Ranges tab, type the following:
  Destination Port Range: 10000-10000
  Source Port Range: 1024-65535
- Click OK.
- Create a new rule with the appropriate source, destination, and interfaces. In the Services tab, add Encrypted_TCP to Included Services.
- Click Save and Reconfigure.
Cisco VPN client traffic now passes through your gateway.
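The following is an added example, not part of the original article or of any Symantec tooling. It models the protocol definition entered above (TCP, destination 10000-10000, source 1024-65535) and checks constructed connection lines against it, so you can see which traffic the definition covers and which it leaves out, including clients on port 4500. The line format, the names ProtocolDef, classify and audit, and the sample addresses are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class ProtocolDef:
    """Port-based protocol definition, as entered on the two tabs above."""
    base: str
    dst_ports: range
    src_ports: range

    def matches(self, proto, sport, dport):
        return (proto.upper() == self.base
                and sport in self.src_ports
                and dport in self.dst_ports)

# Values from the article: TCP, destination 10000-10000, source 1024-65535.
ENCRYPTED_TCP = ProtocolDef("TCP", range(10000, 10001), range(1024, 65536))

# Constructed line format (not a Symantec log format):
#   PROTO src:sport -> dst:dport
LINE_RE = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$", re.I)

def classify(line, proto_def=ENCRYPTED_TCP):
    """Return 'match', 'no-match' or 'unparsed' for one connection line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    proto, _src, sport, _dst, dport = m.groups()
    sport, dport = int(sport), int(dport)
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        return "unparsed"  # not a valid port number
    return "match" if proto_def.matches(proto, sport, dport) else "no-match"

# Constructed sample connections; addresses are documentation ranges.
SAMPLE = [
    "TCP 192.0.2.10:49152 -> 198.51.100.5:10000",  # client on 10000/TCP
    "TCP 192.0.2.10:1023 -> 198.51.100.5:10000",   # source port below 1024
    "UDP 192.0.2.10:49152 -> 198.51.100.5:10000",  # wrong base protocol
    "TCP 192.0.2.11:50000 -> 198.51.100.5:4500",   # port 4500 (see the Note);
                                                   # TCP is assumed for this case
    "TCP 192.0.2.12:50000 -> 198.51.100.5:10001",  # outside 10000-10000
]

def audit(lines):
    """Classify every line and return (line, verdict) pairs."""
    return [(line, classify(line)) for line in lines]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE):
        print(f"{verdict:9} {line}")
```

Only the first sample line matches the definition. A client that uses port 4500 is not covered by it and would need its own protocol definition and rule.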