How to allow Cisco VPN client pass-through with Symantec firewall

Article:TECH81024  |  Created: 2003-01-31  |  Updated: 2006-01-06  |  Article URL http://www.symantec.com/docs/TECH81024
Article Type
Technical Solution


Environment

Issue

You need instructions for passing Cisco VPN client connections through your Symantec security gateway.


Solution

The Cisco VPN client carries its encrypted traffic over port 10000/TCP. To let this traffic through your Symantec security gateway, you must define that port as a protocol and create a rule that allows the TCP traffic to pass through the firewall.


Note: Cisco VPN client software version 4.05 and later may use port 4500.


To create a rule for the firewall to pass Cisco VPN client traffic on port 10000/TCP
  1. Connect to your firewall with the Symantec Raptor Management Console.
  2. In the left pane, expand Base Components and right-click Protocols.
  3. Choose New > Protocol to create a new protocol.
  4. On the General tab, type the following:
    Name: Encrypted_TCP
    Description: Encrypted TCP for Cisco VPN Client
    Base Protocol: TCP
  5. Check the "Display in Rule Window" box.
  6. On the TCP/UDP Port Ranges tab, type the following:
    Destination Port Range: 10000-10000
    Source Port Range: 1024-65535
  7. Click OK.
  8. Create a new rule with the appropriate source, destination, and interfaces. In the Services tab, add Encrypted_TCP to Included Services.
  9. Click Save and Reconfigure.

Cisco VPN client traffic now passes through your gateway.
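The following is an added example, not Symantec or Cisco code. It models the Encrypted_TCP protocol exactly as the steps above have you define it (TCP, destination port 10000, source ports 1024-65535), runs a few constructed sample flows through that definition to show which would be admitted by the rule and which would not (including the port 4500 traffic from the note, which the Encrypted_TCP protocol alone does not cover), and provides a small connect probe you can run from a host behind the gateway against the VPN concentrator on port 10000 after you click Save and Reconfigure. The sample flows, the helper names (`classify`, `tcp_port_open`, `local_listener`) and the loopback listener used to exercise the probe offline are all assumptions of this example.

```python
"""Rule check and connectivity probe for the Encrypted_TCP protocol described above.

Added example, not Symantec or Cisco code. The rule values (TCP, destination port
10000, source ports 1024-65535) are the ones from the article; the sample flows,
the helper names and the local listener are constructed for this example."""
import socket
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class ProtocolRule:
    """A protocol definition as entered on the General and TCP/UDP Port Ranges tabs."""
    name: str
    base_protocol: str   # "TCP" or "UDP"
    dst_ports: tuple     # (low, high), inclusive
    src_ports: tuple     # (low, high), inclusive

    def matches(self, proto: str, src_port: int, dst_port: int) -> bool:
        """True if a flow with these attributes falls inside this protocol definition."""
        d_lo, d_hi = self.dst_ports
        s_lo, s_hi = self.src_ports
        return (proto.upper() == self.base_protocol.upper()
                and d_lo <= dst_port <= d_hi
                and s_lo <= src_port <= s_hi)


# The protocol exactly as the article has you define it in steps 4 and 6.
ENCRYPTED_TCP = ProtocolRule("Encrypted_TCP", "TCP", (10000, 10000), (1024, 65535))

# Constructed sample flows (protocol, source port, destination port) as seen from the
# client side of the gateway. These are not captured data.
SAMPLE_FLOWS = [
    ("TCP", 1100, 10000),   # normal VPN client connection: ephemeral source, 10000/TCP
    ("TCP", 80, 10000),     # source port below 1024: outside the defined source range
    ("TCP", 1100, 443),     # ordinary HTTPS: not this protocol
    ("UDP", 4500, 4500),    # port 4500 traffic from the note: needs its own protocol
]


def classify(flows: Iterable[tuple], rules: Iterable[ProtocolRule] = (ENCRYPTED_TCP,)):
    """Return, for each flow, the name of the first matching protocol rule or None.

    A None result means no rule in the list would admit the flow, so the rule
    created in steps 2-9 alone does not cover it."""
    rules = list(rules)
    result = []
    for proto, src_port, dst_port in flows:
        hit = next((r.name for r in rules if r.matches(proto, src_port, dst_port)), None)
        result.append(((proto, src_port, dst_port), hit))
    return result


def tcp_port_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """Attempt a TCP connection; True only if the three-way handshake completes.

    Run this from a host behind the gateway against the VPN concentrator on port
    10000 once the rule is saved. A timeout usually means the traffic is being
    dropped; a refusal means it reached a host that is not listening there."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def local_listener(port: int = 0) -> socket.socket:
    """Open a listening TCP socket on 127.0.0.1 so the probe can be exercised offline.

    The caller closes the returned socket; its bound port is getsockname()[1]."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)
    return srv


if __name__ == "__main__":
    for flow, hit in classify(SAMPLE_FLOWS):
        print(f"{flow}: {'allowed by ' + hit if hit else 'no matching protocol'}")
    srv = local_listener()
    lport = srv.getsockname()[1]
    print(f"probe 127.0.0.1:{lport} (listening) -> {tcp_port_open('127.0.0.1', lport)}")
    srv.close()
```

To probe the real path, call `tcp_port_open("<concentrator address>", 10000)` from a client behind the gateway; the loopback listener exists only so the probe can be run without any VPN infrastructure. If your clients are at version 4.05 or later and the note's port 4500 applies, define a second protocol for it and pass both rules to `classify` to confirm the combined definition admits the traffic you expect.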

Legacy ID

2003033110383354