Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
515
Views
5
Helpful
3
Replies

port open

Mary
Level 1
Level 1

‎01-06-2018 06:22 PM - edited ‎03-12-2019 04:53 AM

I was told to open both ipsec phase 1 and phase 2 port, may I know the command to open the port? thanks

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-06-2018 07:41 PM

What device are you doing this on?

 

Generally speaking you need to allow ip protocol 50 and 51 as well as udp port 500. 

Mohammed al Baqari
Level 11
Level 11
In response to Marvin Rhoads

‎01-06-2018 08:00 PM

+5 Marvin. I think udp/4500 as well for nat-t
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Mohammed al Baqari

‎01-06-2018 08:48 PM - edited ‎01-06-2018 08:49 PM

Right -the udp 4500 is only necessary if there’s a device between the tunnel endpoints doing NAT. 

 

Protocol 50 - ESP (Encapsulating Security Protocol)

Protocol 51 - AH (Authentication Header)

udp/500 - ISAKMP (Internet Security Association and Key Management Protocol)

udp/4500 - NAT-T (Network Address Translation - Traversal)

 

0 Helpful
Customers Also Viewed These Support Documents