1. Firewalls

VPN clients contact the VPN servers in the netblock

VPN clients will be given an IP address from the private IP ranges of or These private addresses will be mapped to a public IP in the netblock by the use of dynamic PAT.

The protocols and ports used will depend on whether you are using the older Cisco VPN client, the newer AnyConnect client or a 3rd party or native client.

The Cisco VPN client can operate in one of three transport modes. The client needs access to the following protocols and ports. These details are also relevant to most native clients capable of connecting to the OUCS VPN Service including the OS X native VPN client and clients on iPhone, iPod touch and iPad, as well as many 3rd party clients.

Transport ModeProtocols/Ports
IPSec ESP (IP protocol 50), UDP port 500
IPSec/TCP TCP port 10000
IPSec/UDP UDP ports 500, 10000

The Cisco AnyConnect VPN client requires an SSL tunnel and optionally a DTLS tunnel.

SSL TCP port 443
DTLS UDP port 443

The VPN service blocks the following ports at the request of the University Security Team:

TCP 135 DCE endpoint resolution
TCP 445 Microsoft-DS

Up: Contents Next: 2. Clients