06-19-2002 11:55 PM - edited 02-21-2020 11:49 AM
I want to know what is best to do: tunnel the IPSEC traffic over UDP/10000 or tunnel the traffic over TCP/80?
What's the most secure option and why? I prefer the tunnel over TCP/80 because I feel that UDP traffic isn't that secure.
06-20-2002 03:20 AM
Not sure what you mean here because IPSec uses protocol numbers 50 (ESP) and 51 (AH). IKE (UDP port 500) is used to establish security associations.
Ali
06-20-2002 09:15 PM
IPSEC over TCP has the advantage of supporting NAT/PAT firewalls, including things like Gauntlet proxy firewalls if you use a plug-proxy. IPSec/UDP won't support all those options. The advantage with the TCP option is that it's most palatable to firewall admins. I don't know whether port 80 is your best option, though, depending on how you're planning on managing your concentrator. Also, firewall admins can get a bit antsy if you try and sneak an IPsec connection through their firewall by tunneling over TCP/80. It can be better to be up front about it and use a different port that is specifically allowed to the remote concentrator only.
06-21-2002 03:46 AM
Some clarification:
I prefer to tunnel the IPSEC over TCP/80 to bypass NAT/PAT/firewall devices. The reason I am using port 80 is that it's allowed at almost every company, so if we want to set up a VPN connection between our company and a third party there's little or no configuration to be done.
We also have a lot of employees working at customers; allowing them to set up a VPN tunnel to our network will be easier over TCP/80 than over any other port. I also know that the third parties need to be informed if we implement this!
I already know why to use TCP instead of UDP, but I want to know if there are any security issues using UDP or TCP for a tunnel of IPSEC!
I just want to know what's more secure, IPSEC over UDP or TCP and why.
06-23-2002 09:55 PM
06-23-2002 09:59 PM
Hi,
The TCP option is more reliable of course, because TCP is connection oriented and reliable, compared to UDP being unreliable and not connection oriented.
Whichever you use, it's just used as a wrapper for the original IPsec packet, so there is not much concern about security, as these wrappers are removed completely as packets go for decryption on either side of the tunnel.
PS: If you use TCP 80 on the vpn3k for this purpose, you won't be able to manage the box on that port via http; you can use any non-standard port or https://
Thanks,
Afaq
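Added example, not from any poster in this thread and not Cisco's actual IPsec/UDP or IPsec/TCP framing (that is proprietary; the UDP and TCP wrappers below are simplified stand-ins). It builds one constructed ESP packet, carries it natively (IP protocol 50), inside a UDP/10000 wrapper, inside TCP/80, and inside TCP on a dedicated port, then parses each the way a 5-tuple firewall rule does. It illustrates two points made above: the wrapper is stripped before the ESP packet is decrypted, so the inner packet is byte-identical in every framing (Afaq's point), and on TCP/80 the firewall cannot tell the tunnel from web traffic, while a dedicated port allowed only to the concentrator remains an explicit rule (the earlier point about being up front with firewall admins). The addresses, ports, ciphertext and policy are all constructed assumptions.

```python
import struct
import ipaddress

# IP protocol numbers the thread mentions, plus the two transports used as wrappers.
PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 6, 17, 50, 51

CONCENTRATOR = "203.0.113.10"  # constructed public address of the VPN concentrator
VPN_TCP_PORT = 10000           # assumed dedicated IPsec/TCP port, documented to the firewall admin


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left zero because this is constructed data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def esp_packet(spi, seq, ciphertext):
    """ESP header (SPI, sequence number) followed by the already-encrypted payload."""
    return struct.pack("!II", spi, seq) + ciphertext


def udp_wrap(sport, dport, inner):
    """8-byte UDP header in front of the ESP packet (simplified IPsec-over-UDP framing)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(inner), 0) + inner


def tcp_wrap(sport, dport, inner):
    """20-byte TCP header, data offset 5, PSH|ACK (simplified IPsec-over-TCP framing)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + inner


def parse(packet):
    """Return (src, dst, proto, sport, dport, inner): the 5-tuple a firewall filters on
    and the payload left once the transport wrapper is removed."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    body = packet[ihl:]
    if proto == PROTO_UDP:
        sport, dport = struct.unpack("!HH", body[:4])
        return src, dst, proto, sport, dport, body[8:]
    if proto == PROTO_TCP:
        sport, dport = struct.unpack("!HH", body[:4])
        data_offset = (body[12] >> 4) * 4
        return src, dst, proto, sport, dport, body[data_offset:]
    return src, dst, proto, None, None, body  # native ESP/AH carries no ports at all


def classify(src, dst, proto, sport, dport):
    """What a stateless 5-tuple rule set can say about the flow (constructed policy)."""
    if proto in (PROTO_ESP, PROTO_AH):
        return "native-ipsec"
    if proto == PROTO_UDP and dport == 500:
        return "ike"
    if proto == PROTO_UDP and dport == 10000 and dst == CONCENTRATOR:
        return "ipsec-over-udp"
    if proto == PROTO_TCP and dport == VPN_TCP_PORT and dst == CONCENTRATOR:
        return "ipsec-over-tcp"
    if proto == PROTO_TCP and dport == 80:
        return "indistinguishable-from-http"
    return "other"


def demo(peer="198.51.100.7"):
    """Carry the same ESP packet in four framings; return, per framing,
    (firewall classification, True if the unwrapped payload equals the original ESP packet)."""
    esp = esp_packet(spi=0x1234ABCD, seq=7, ciphertext=b"\xde\xad\xbe\xef" * 4)  # constructed
    framings = {
        "native": ipv4_header(peer, CONCENTRATOR, PROTO_ESP, len(esp)) + esp,
        "udp10000": ipv4_header(peer, CONCENTRATOR, PROTO_UDP, 8 + len(esp))
                    + udp_wrap(10000, 10000, esp),
        "tcp80": ipv4_header(peer, CONCENTRATOR, PROTO_TCP, 20 + len(esp))
                 + tcp_wrap(40001, 80, esp),
        "tcp-dedicated": ipv4_header(peer, CONCENTRATOR, PROTO_TCP, 20 + len(esp))
                         + tcp_wrap(40002, VPN_TCP_PORT, esp),
    }
    results = {}
    for name, pkt in framings.items():
        src, dst, proto, sport, dport, inner = parse(pkt)
        results[name] = (classify(src, dst, proto, sport, dport), inner == esp)
    return results


if __name__ == "__main__":
    for name, (verdict, intact) in demo().items():
        print(f"{name:14} firewall sees: {verdict:28} ESP intact after unwrap: {intact}")
```

Every framing unwraps to the identical ESP bytes, which is why the choice of TCP or UDP carrier does not change the cryptographic protection; the difference shows up only in the classification column, where TCP/80 collapses into "looks like web traffic" and the dedicated port keeps a rule the firewall admin can scope to the concentrator's address.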
06-25-2002 06:56 AM
Hi,
I'm only concerned that I need to open a UDP port through my firewalls and was looking for some security risks there.
I'm aware that the use of TCP/80 to tunnel the traffic disables the option to manage the VPN concentrator, but this is only for the public interface. I can still manage the VPN concentrator through the private interface.