Permitting traffic to the VPN Conc cluster address

mmelbourne
Level 5

What is the minimum traffic which should be permitted to reach a VPN Cluster address (assuming this can be restricted through an upstream router or within a firewall ruleset) from the outside world?

My understanding is that the VPN client will first connect to the virtual cluster address and then be redirected to the Public IP address of one of the cluster members during IKE negotiation. This implies that only UDP 500 (and the port associated with IPSec over TCP, e.g. 10000) need be permitted to the virtual cluster address. Therefore ESP, UDP 4500 and UDP 10000 need only be permitted to the Public IP addresses of the cluster members.


umedryk
Level 5

There is no such defined minimum traffic that can be permitted to reach the VPN cluster address.