
Which port number and protocol should be allowed through the firewall, for an IPSEC site-to-site VPN?

Question added by Sukesh Deswal , Senior network engineer , Sungard Availability Services
Date Posted: 2016/07/05
Ahmed Elkhidir
by Ahmed Elkhidir , Cyber Security consultant , ARO Drilling

500, 4500 UDP are the two ports which must be opened to start negotiating IPSEC tunnel information.

SIVA RAMA PRASAD PILLA
by SIVA RAMA PRASAD PILLA , IT Support Engineer , Adaptive Mobile Security Solutions India Pvt Ltd

UDP port 500 and 4500 should be used

Bashar Zameer
by Bashar Zameer , Network Admin , IBM

Ports UDP 500 and 4500.

Don't get confused. UDP 500 is for ISAKMP for negotiating IKE phase 1 and it is the default port for ISAKMP, used when there is no NATing in the path of VPN traffic.

When dealing with a NATing device, the packet will get dropped if PAT is configured. So to allow that traffic to pass through NAT, every device should allow port UDP 4500.

Hope you got the difference.

mohammed bedrouni
by mohammed bedrouni , Computer Engineer , Université des Sciences et de la Technologie Houari-Boumediene USTHB

We need to permit UDP 500 for ISAKMP and ESP (IP protocol 50) for the actual tunnel.

If there is a NAT device sitting between the VPN endpoints, then you need to permit UDP 4500 for NAT-T.

Vipin Chaudhary
by Vipin Chaudhary , Senior Security Analyst , Inspira Enterprise india ltd

We need to permit UDP 500 for ISAKMP and ESP (IP protocol 50) for the actual tunnel.

Syed Nadeem Uddin
by Syed Nadeem Uddin , Network Security Engineer , Smiths Detection

UDP 4500 and 500 should be allowed for IPsec VPN Tunnel.

Syed Abdul Muqtader Razvi
by Syed Abdul Muqtader Razvi , IT Infrastructure and Cyber Security Specialist , AL Rowad Educational Group

To allow IPSec traffic to go through firewalls you should open UDP port and permit IP protocol numbers and on both inbound and outbound filters of the firewall.

Port UDP is opened to permit Internet Security Association and Key Management Protocol (ISAKMP) through your firewall.

IP protocol ID should be permitted to allow Encapsulating Security protocol (ESP) traffic through firewall.

IP protocol should be permitted to allow Authentication Header (AH) traffic through the firewall.

If NAT-T is in use, additionally we have to permit the UDP port.

Sanil PK
by Sanil PK , Security Administrator , Horizon Energy LLC

UDP port 500 and 4500.

IP port 50 and 51 for ESP and AH.

Permit these port numbers to allow the IPsec suite.

Muazzam Ali Khawaja
by Muazzam Ali Khawaja , Assistant Accountant , Pakistan Telecommunications company limited

To make IPsec work through your firewalls, you should open UDP port 500 and permit IP protocol numbers 50 and 51 on both inbound and outbound firewall filters.
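An added checker, not code from any of the answers above, that turns the thread's answer into something a firewall admin can verify: given an allow-list, it reports which flows a site-to-site tunnel needs (UDP 500 for IKE/ISAKMP, UDP 4500 when a NAT sits in the path, native ESP protocol 50 and optionally AH 51 when it does not) are not permitted in either direction. The `Rule` shape and the peer addresses are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

IKE_PORT, NAT_T_PORT = 500, 4500   # UDP: ISAKMP/IKE and NAT-Traversal
ESP_PROTO, AH_PROTO = 50, 51       # IP protocol numbers; they carry no ports


@dataclass(frozen=True)
class Rule:
    """One allow rule (assumed shape). proto: 'udp', 'esp', 'ah' or 'any'; dport None = any."""
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def required_flows(peer_a, peer_b, nat_in_path=False, use_ah=False):
    """Flows a site-to-site tunnel needs, in both directions (either peer may rekey).

    No NAT: IKE on UDP 500 plus native ESP (and AH if configured).
    NAT in path: IKE still starts on UDP 500, then IKE and ESP are carried in
    UDP 4500 (NAT-T), so native ESP/AH are not expected to cross the NAT.
    """
    flows = []
    for src, dst in ((peer_a, peer_b), (peer_b, peer_a)):
        flows.append(("IKE", src, dst, "udp", IKE_PORT))
        if nat_in_path:
            flows.append(("NAT-T", src, dst, "udp", NAT_T_PORT))
        else:
            flows.append(("ESP", src, dst, "esp", None))
            if use_ah:
                flows.append(("AH", src, dst, "ah", None))
    return flows


def _matches(rule, src, dst, proto, dport):
    return (rule.src in ("any", src) and rule.dst in ("any", dst)
            and rule.proto in ("any", proto)
            and (rule.dport is None or rule.dport == dport))


def missing_flows(rules, peer_a, peer_b, nat_in_path=False, use_ah=False):
    """Return (name, src, dst) for every required flow that no rule allows."""
    return [(name, src, dst)
            for name, src, dst, proto, dport in required_flows(peer_a, peer_b, nat_in_path, use_ah)
            if not any(_matches(r, src, dst, proto, dport) for r in rules)]


if __name__ == "__main__":
    # Constructed example: a ruleset that forgot native ESP toward site B.
    A, B = "203.0.113.10", "198.51.100.20"
    rules = [Rule(A, B, "udp", IKE_PORT), Rule(B, A, "udp", IKE_PORT), Rule(B, A, "esp")]
    print(missing_flows(rules, A, B))  # [('ESP', '203.0.113.10', '198.51.100.20')]
```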
