Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
252
Views
0
Helpful
1
Replies

VPN ports question

charles.manley
Level 1
Level 1

‎02-06-2003 09:17 AM - edited ‎02-21-2020 12:20 PM

When a client is connecting via a remote network using IPSec over TCP does that port require an inbound/outbound rule on the remote firewall or can the firewall just have an outbound rule and as long as the client can go out it should be able to return? I've heard different views here, but I have to come up with a document to send to the admins of the remote network and want to make sure what I'm sending them is correct. I realize there could be exceptions, but generally speaking doe IPSec traffic follow typical IP rules when encapsulating?

Labels:
0 Helpful
1 Reply 1

m.singer
Level 4
Level 4

‎02-12-2003 09:31 AM

To the best of my knowledge, if the flow in the outbound direction (from higher to lower level) is permitted through a firewall, the corrosponding inbound traffic is permitted too. However, as with all great things, it is not exactly that simple. Lets say, a host sitting on the inside interface is accessing a resource on the outside interface. Lets say that the default ASA behaviour and the NAT configurtions allow the outbound request to pass through, the corrosponding response packets from the outside server will be allowed through to the inside interface... provided that the response comes before the translations time out. This also means that just because a host on the inside can access a server on the outside, the sever does not necessarily have the capacity to initiate communication with the host on the inside.

0 Helpful
Customers Also Viewed These Support Documents