Cisco c1751 to c831 VPN

Hello

I have alreay solve the problem.

the problem was that on the c831 router's public interface I have forwarded tcp and udp 500 ports from checkpoint machine.

so the tunnel coudn't be established.
I've changed and it works !

By the way can I change it somehow on which ports the tunnel is established or is it fixed ?

Thanks.

Never needed to change the ports on which the VPN Tunnel works on and I wouldn't suggest it either as it can cause problems.

If there is no reason to change ports, leave them as is!

Cheers,

Yes but now my Checkpoint vpn connection doesn't work as I had to stop forwarding port 500 from checkpoint firewall.

But Cisco vpn is now more important so I'll leave it as is and maybe try to change some port settings on Checkpoint.

Thank You.

Chris is right, you never have to change the vpn tunnel port.

Only needs to permit the following port on the outside interface,

access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq non500-isakmp
access-list 111 permit tcp any any eq 10000
access-list 111 permit udp any any eq 10000

apply access-list to the outside interface, hope this help.

Cheers!

Ok,

but I cannot have both Checkpoint fw and Cisco router listening on the same ports on the same outside intreface.

But as I said it's not a problem ... Cisco vpn is now for me more important.

Thanks