Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

Which port number and protocol should be allowed through the firewall , for a IPSEC site to site vpn ?

user-image
Question ajoutée par Sukesh Deswal , Senior network engineer , Sungard Availability Services
Date de publication: 2016/07/05
Ahmed Elkhidir
par Ahmed Elkhidir , Cyber Security consultant , ARO Drilling

500, 4500 UDP are the two ports which must opened to start neotiate IPSEC teunnel information

SIVA RAMA PRASAD PILLA
par SIVA RAMA PRASAD PILLA , IT Support Engineer , Adaptive Mobile Security Solutions India Pvt Ltd

UDP port 500 and 4500 should be used

Bashar Zameer
par Bashar Zameer , Network Admin , IBM

Ports UDP 500 and 4500.

Don't get confuse. UDP 500 is for ISAKMP for negotiating IKE phase1 and it is default port for ISAKMP, used when there is no NATing in path of VPN traffic.

While dealing with NATing device, the packet will get dropped if PAT is configured. So to allow that traffic to pass through NAT, every device should allow port UDP 4500.

 

Hope you got the difference.

mohammed bedrouni
par mohammed bedrouni , Ingénieur en Informatique , Université des Sciences et de la Technologie Houari-Boumediene USTHB

We need to permit udp 500 for isakmp and ESP (ip protocol 50) for the actual tunnel.

 

If there is a nat device sitting in between the VPN endpoints  then you need to permit udp 4500 for nat-t.

Vipin Chaudhary
par Vipin Chaudhary , Senior Security Analyst , Inspira Enterprise india ltd

We need to permit udp 500 for isakmp and ESP (ip protocol 50) for the actual tunnel.

Syed Nadeem Uddin
par Syed Nadeem Uddin , Network Security Engineer , Smiths Detection

UDP 4500 and 500 should be allowed for IPsec VPN Tunnel.

Syed Abdul Muqtader Razvi
par Syed Abdul Muqtader Razvi , IT Infrastructure and Cyber Security Specialist , AL Rowad Educational Group

To allow IPSec traffic to go through firewalls you should open UDP port and permit IP protocols numbers and on both inbound and outbound filters of firewall. 

Port UDP is opened to permit Internet Security Assiciation and key Management Protocol (ISAKMP) through your firewall.

IP protocol ID should be permitted to allow Encapsulating Security protocol (ESP) traffic through firewall.

IP protocol should be permitted to allow Authentication Header(AH) traffic through firewall.

If NAT-T is in use additionally we have permit UDP port.

 

Sanil PK
par Sanil PK , Security Administrator , Horizon Energy LLC

UDP port 500 and 4500.

IP port 50 and 51 for ESP and AH.

permit these port numbers to allow ipsec suite.

Muazzam Ali Khawaja
par Muazzam Ali Khawaja , Assistant Accountant , Pakistan Telecommunications company limited

To make IPsc work through your firewalls, you should open UDP port 500 and permiot IP protocol numbers 50 and 51 on both inbound and out bound firewall filters.

 

More Questions Like This