CAD
New Member
October 12, 2016
Question

How can I allow this connection?

Hello everyone,

I want to allow a connection from the internet to one particular machine in my network through the "Cisco AnyConnect Client".

Below are the ports it requires for this connection. How can I open them?

Protocol          Cisco AnyConnect Client port
TLS (SSL)         TCP 443
SSL Redirection   TCP 80
DTLS              UDP 443
IPsec/IKEv2       UDP 500, UDP 4500

Protocol          Cisco VPN Client (IPsec) port
IPsec/NATT        UDP 500, UDP 4500
IPsec/TCP         TCP
IPsec/UDP         UDP 500, UDP X

I have allowed the connection as below; please correct me:

Incoming interface (wan) ---> Source (all) ---> Outgoing interface (lan) ---> Destination address (machine IP) --- Service (http, https). I did not find the other ports; should I create them, or what? Please advise me.

Thanks


    CAD (Author)
    New Member
    October 13, 2016

    In other words, how do I configure the Cisco VPN client through a FortiGate?

    We are running firmware 5.2.8; does this support my request?

    Please help me to do that.

    Thanks

    CAD (Author)
    New Member
    October 13, 2016

    Please check my configuration and advise me accordingly:

    I have already created the rule (the status for the channel shows inactive).

    FG200D (CIIPSec) # show full
    config vpn ipsec phase1-interface
        edit "CIIPSec"
            set type dynamic
            set interface "internet"
            set ip-version 4
            set ike-version 1
            set local-gw 0.0.0.0
            set nattraversal enable
            set keylife 86400
            set authmethod psk
            set mode aggressive
            set peertype any
            set mode-cfg enable
            set ipv4-wins-server1 0.0.0.0
            set ipv4-wins-server2 0.0.0.0
            set proposal aes256-md5 aes256-sha1
            set add-route enable
            set localid ''
            set localid-type auto
            set negotiate-timeout 30
            set fragmentation enable
            set dpd enable
            set forticlient-enforcement disable
            set comments "VPN: Cisco (Created by VPN wizard)"
            set npu-offload enable
            set dhgrp 2
            set wizard-type dialup-cisco
            set xauthtype auto
            set authusrgrp "Cisco-Group"
            set default-gw 0.0.0.0
            set default-gw-priority 0
            set assign-ip enable
            set mode-cfg-ip-version 4
            set assign-ip-from range
            set ipv4-start-ip 192.168.10.1
            set ipv4-end-ip 192.168.10.20
            set ipv4-netmask 255.255.255.0
            set dns-mode auto
            set ipv4-split-include ''
            set split-include-service ''
            set unity-support enable
            set domain ''
            set banner ''
            set include-local-lan disable
            set save-password disable
            set client-auto-negotiate disable
            set client-keep-alive disable
            set psksecret ENC **************
            set keepalive 10
            set distance 15
            set priority 0
            set dpd-retrycount 3
            set dpd-retryinterval 5
            set xauthexpire on-disconnect
        next
    end

    CAD (Author)
    New Member
    October 13, 2016

    FG200D (CIIPSec2) # show full-configuration
    config vpn ipsec phase2-interface
        edit "CIIPSec2"
            set phase1name "CIIPSec"
            set proposal aes128-sha1
            set pfs enable
            set dhgrp 2
            set replay enable
            set keepalive disable
            set add-route phase1
            set keylife-type seconds
            set single-source disable
            set route-overlap use-new
            set encapsulation tunnel-mode
            set comments ''
            set protocol 0
            set src-addr-type subnet
            set src-port 0
            set dst-addr-type subnet
            set dst-port 0
            set keylifeseconds 43200
            set src-subnet 0.0.0.0 0.0.0.0
            set dst-subnet 0.0.0.0 0.0.0.0
        next
    end
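The wizard-generated phase 1 and phase 2 objects posted above carry several settings worth reviewing before exposing the tunnel to the internet: IKEv1 aggressive mode with a pre-shared key, MD5/SHA1 proposals and DH group 2. As an added example (my own script, not from the post or from Fortinet), the following Python splits a run-together `show full-configuration` dump into its settings and reports those choices; the sample dump is a constructed, condensed copy of the phase 1 object above, and the function names are my own.

```python
import re

# Constructed sample: a condensed copy of the phase 1 dump posted above,
# kept in the same run-together form the forum rendered it in.
SAMPLE_PHASE1 = (
    'FG200D (CIIPSec) # show full config vpn ipsec phase1-interface '
    'edit "CIIPSec" set type dynamic set interface "internet" set ike-version 1 '
    'set authmethod psk set mode aggressive set peertype any '
    'set proposal aes256-md5 aes256-sha1 set dhgrp 2 set xauthtype auto '
    'set psksecret ENC ************** next end'
)

def parse_fortios_dump(dump):
    """Split a run-together FortiOS object (edit ... set ... next end) into
    {setting: [values]}; multi-word values such as proposal lists are kept."""
    body = re.split(r'\bedit\s+"[^"]*"\s*', dump, maxsplit=1)[-1]
    body = re.sub(r'\s+next\s+end\s*$', '', body)
    settings = {}
    for stmt in re.split(r'\s+set\s+', ' ' + body.strip()):
        parts = stmt.split()
        if parts:
            settings[parts[0]] = parts[1:]
    return settings

WEAK_HASHES = {"md5", "sha1"}      # deprecated IKE integrity/PRF hashes
WEAK_DH_GROUPS = {"1", "2", "5"}   # MODP groups below 2048 bits

def audit_ike(settings):
    """Return the weak choices found in a phase 1 or phase 2 object."""
    findings = []
    if (settings.get("ike-version") == ["1"] and settings.get("mode") == ["aggressive"]
            and settings.get("authmethod") == ["psk"]):
        findings.append("IKEv1 aggressive mode with PSK: the PSK-based hash is exchanged "
                        "before encryption, so the PSK is exposed to offline guessing")
    for prop in settings.get("proposal", []):
        hsh = prop.rsplit("-", 1)[-1]
        if hsh in WEAK_HASHES:
            findings.append(f"proposal {prop} uses {hsh}")
    for grp in settings.get("dhgrp", []):
        if grp in WEAK_DH_GROUPS:
            findings.append(f"dhgrp {grp} is a MODP group below 2048 bits")
    return findings

if __name__ == "__main__":
    for finding in audit_ike(parse_fortios_dump(SAMPLE_PHASE1)):
        print("-", finding)
```

The same parser takes the phase 2 dump unchanged; there it reports the sha1 proposal and the PFS group 2.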