04-17-2011 12:44 PM - edited 03-11-2019 01:22 PM
Hi
If I need to enable VPN IPSec through the firewall, do I just need to allow port 4500?
04-17-2011 03:21 PM
It really depends on whether there is NAT or not between the 2 IPSec VPN sites.
By default, here is the IPSec VPN protocol:
- UDP/500 (Phase 1)
- ESP protocol (Phase 2)
And since the ESP protocol can't be NATed, as it is not a TCP or UDP port but a protocol, you can enable the VPN peer with NAT-T (NAT-Transparency), which by default runs on UDP/4500. It encapsulates the ESP protocol into UDP/4500 so it can be NATed if required.
In this case, the IPSec VPN protocol is:
- UDP/500 (Phase 1)
- UDP/4500 (Phase 2)
Hope this helps.
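An added example, not part of the original reply: a small classifier that maps a raw IPv4 packet to the firewall rule it needs, showing why opening only UDP/4500 is not enough. It goes slightly beyond the post by decoding the UDP/4500 payload as RFC 3948 defines it (IKE carries a four-byte zero non-ESP marker, ESP starts with a non-zero SPI, a single 0xFF byte is a NAT keepalive); the rule labels, addresses and sample packets are constructed for illustration.

```python
import socket, struct

# Traffic kind -> firewall rule that passes it (labels are made up for this example)
RULE = {"ike-udp500": "udp/500", "esp-native": "ip-proto-50",
        "ike-udp4500": "udp/4500", "esp-in-udp4500": "udp/4500",
        "natt-keepalive": "udp/4500"}

def classify(packet: bytes) -> str:
    """Name the kind of IPSec traffic carried by a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] == 50:                       # ESP is IP protocol 50: no ports to NAT
        return "esp-native"
    if packet[9] != 17 or ihl < 20 or len(packet) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    payload = packet[ihl + 8:]
    if 500 in (sport, dport):
        return "ike-udp500"
    if 4500 not in (sport, dport):
        return "other"
    if payload == b"\xff":                    # NAT-T keepalive
        return "natt-keepalive"
    if payload[:4] == b"\x00\x00\x00\x00":    # non-ESP marker: IKE moved to 4500
        return "ike-udp4500"
    return "esp-in-udp4500" if len(payload) >= 8 else "other"

def permitted(packet: bytes, open_rules: set) -> bool:
    """True if the firewall's open rules cover this packet."""
    return RULE.get(classify(packet)) in open_rules

# Constructed sample packets (documentation addresses, dummy payloads)
def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.20"):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

SAMPLES = {
    "ike_init":  ipv4(17, udp(500, 500, b"\x11" * 28)),
    "esp":       ipv4(50, struct.pack("!II", 0x1000, 1) + b"\x00" * 16),
    "natt_ike":  ipv4(17, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    "natt_esp":  ipv4(17, udp(4500, 4500, struct.pack("!II", 0x1000, 1) + b"\x00" * 16)),
    "keepalive": ipv4(17, udp(4500, 4500, b"\xff")),
}
```

With only `{"udp/4500"}` open, `permitted(SAMPLES["ike_init"], {"udp/4500"})` is false, so the tunnel never starts negotiating; the two rule sets from the reply above are `{"udp/500", "ip-proto-50"}` without NAT and `{"udp/500", "udp/4500"}` with NAT-T.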
04-18-2011 11:36 AM
Thanks, Halim.