In article , Doug Fox wrote:
:We are planning to deploy a Cisco VPN 3000 concentrator, which has firewall
:functionality.
:In order to set up 1) site to site IP Sec VPN, 2) client to site IP Sec VPN
:and 3) clientless VPN. Do I need to open http (80),
No.
:https (443),
This is needed for clientless VPN.
I have not configured a VPN 3000, so I do not know if you need to "open" https, or if it will be automatically opened when you enable SSL VPNs. You might only need to "open" https if you want to be able to pass an SSL VPN through a security gateway.
:988,
Never heard of it. I don't find any reference for it being used.
:imap4 protocol over TLS/SSL (993),
No.
:pop3 protocol over TLS/SSL (995),
No.
:and pptp (1732).
No. IPSec is distinct from PPTP.
:When the concentrator is scanned from the Internet, should I be able to see
:these ports?
I haven't configured the VPN 3000. On the PIX, any port which is set to block simply does not reply (unless you -specifically- turn on RST generation.)