TCP and UDP ports used for the Cisco VPN client

Three different methods:

  1. NAT Traversal – This method still uses 500/udp for IKE negotiation, but then tunnels IPSec data traffic within 4500/udp packets. This is the default method for UDP tunneling with the Cisco VPN client
  2. IPSec over UDP – This method still uses 500/udp for IKE negotiation, but then tunnels IPSec data traffic within a pre-defined UDP port. The default port for this traffic is 10000/udp.
  3. IPSec over TCP – This method tunnels both the IKE negotiation and IPSec data traffic within a pre-defined TCP port. The default port for this traffic is 10000/tcp. This is the only method that tunnels both IKE and IPSec within the same stream.