<div>
Thanks - That is what i've been reading too. I had the 3rd party company take their router back. Instead they are going to do a site to site vpn with us! Thankfully this is VERY simple because they are using Cisco ASA's too!
</div>


Thanks - That is what i've been reading too. I had the 3rd party company take their router back. Instead they are going to do a site to site vpn with us! Thankfully this is VERY simple because they are using Cisco ASA's too!

<div>
<div class="content wysiwyg-content">
We currently have an ASA with site to site VPN and anyconnect VPN being utilized. We received a third party &nbsp;cisco router which will &nbsp;be used to initiate their own site to site VPN from inside our local LAN to their LAN through our ASA. <br />
<br />
1. What we would like to know is if the following ports listed below would interfere with ports for site to site VPN and anyconnect VPN?<br />
<br />
2. Would NAT Traversal be required on our ASA? 5540(config)#crypto isakmp nat-traversal<br />
<br />
<br />
SSH<br />
- allow access from xxxxx on TCP Port 22<br />
<br />
ICMP<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- allow access from xxxxx - protocol 1 <br />
<br />
ISAKMP<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; - allow access to xxxxx on UDP Port 500, also add UDP 4500 for NAT-T<br />
<br />
ESP<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- allow access to/from xxxxx - protocol 50<br />
<br />
Certificate port:<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- allow access to/from xxxxx &nbsp;on TCP port 8080<br />
<br />
NTP port:<br />
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;- allow access to/from xxxxx on UDP port 123
</div>
</div>


We currently have an ASA with site to site VPN and anyconnect VPN being utilized. We received a third party  cisco router which will  be used to initiate their own site to site VPN from inside our local LAN to their LAN through our ASA. 

1. What we would like to know is if the following ports listed below would interfere with ports for site to site VPN and anyconnect VPN?

2. Would NAT Traversal be required on our ASA? 5540(config)#crypto isakmp nat-traversal


SSH
- allow access from xxxxx on TCP Port 22

ICMP
               - allow access from xxxxx - protocol 1 

ISAKMP
              - allow access to xxxxx on UDP Port 500, also add UDP 4500 for NAT-T

ESP
               - allow access to/from xxxxx - protocol 50

Certificate port:
               - allow access to/from xxxxx  on TCP port 8080

NTP port:
               - allow access to/from xxxxx on UDP port 123

Cisco ASA - Initiate a VPN from a cisco router on the local LAN behind ASA?

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).