RE: How to allow VPN traffic

From: Mark Lewis (markl11@hotmail.com)
Date: Wed Jun 30 2004 - 08:03:17 GMT-3


It depends (doesn't it always :] ):

1. If it is IPsec then the standard ports are: AH (IP protocol 51), ESP (IP
protocol 50), and ISAKMP (UDP port 500).

If you are using IPsec NAT traversal/transparency then you'll variously need
to permit UDP port 4500 (for standard IPsec NAT traversal), or whatever TCP
or UDP port you have configured for IPsec over TCP or UDP on the
concentrator (often the default port 10000).

2. If you are using L2TP for remote access then it will almost certainly be
L2TP over IPsec (RFC 3193). So, in this case permit the IPsec ports indicated
above. If you are using L2TP without IPsec then you'll need to permit UDP
port 1701.

3. If you are using PPTP then you'll need to permit TCP port 1723 (for the
PPTP control connection) and eGRE (IP protocol 47, for the PPTP session).

Hope that helps,

Mark

CCIE#6280 / CCSI#21051 / etc.

Author: www.ciscopress.com/1587051044
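As an added example (not part of Mark's reply or the original question), the three cases above translated into a Cisco IOS extended ACL applied inbound on the router's outside interface, so that only VPN traffic reaches the concentrator and everything else is dropped. The concentrator address 192.0.2.10, the interface name FastEthernet0/0 and the IPsec-over-TCP/UDP port 10000 are assumed placeholders; keep only the section that matches the VPN type actually deployed.

```cisco
! Added example, not from the original thread. Assumed placeholders:
! concentrator = 192.0.2.10, outside interface = FastEthernet0/0.
ip access-list extended VPN-IN
 remark --- 1. Native IPsec: ISAKMP (UDP 500), ESP (proto 50), AH (proto 51) ---
 permit udp any host 192.0.2.10 eq isakmp
 permit esp any host 192.0.2.10
 permit ahp any host 192.0.2.10
 remark --- IPsec NAT traversal (UDP 4500): only needed if NAT-T is in use ---
 permit udp any host 192.0.2.10 eq non500-isakmp
 remark --- IPsec over TCP/UDP on the port configured on the concentrator ---
 remark --- (10000 is the usual default; assumed here) ---
 permit tcp any host 192.0.2.10 eq 10000
 permit udp any host 192.0.2.10 eq 10000
 remark --- 2. L2TP without IPsec (L2TP/IPsec is already covered above) ---
 permit udp any host 192.0.2.10 eq 1701
 remark --- 3. PPTP: TCP 1723 control connection plus GRE (proto 47) ---
 permit tcp any host 192.0.2.10 eq 1723
 permit gre any host 192.0.2.10
 remark --- explicit final deny with logging, for visibility of what is dropped ---
 deny ip any any log
!
interface FastEthernet0/0
 ip access-group VPN-IN in
```

The `isakmp` and `non500-isakmp` keywords are IOS aliases for UDP 500 and UDP 4500. After applying the list, `show access-lists VPN-IN` shows per-entry hit counters, which is the quickest way to confirm that tunnel setup is hitting the expected lines (ISAKMP first, then ESP or UDP 4500) and that nothing legitimate is landing on the final deny. Because this ACL is applied inbound only, replies from the concentrator to the outside are not affected by it.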

>From: Security Candidate <doubleccie@yahoo.com>
>Reply-To: Security Candidate <doubleccie@yahoo.com>
>To: ccielab@groupstudy.com, security@groupstudy.com
>Subject: How to allow VPN traffic
>Date: Wed, 30 Jun 2004 03:41:46 -0700 (PDT)
>
>Folks;
>I want to allow outside users of my network to get access to the inside VPN
>concentrator (IPsec traffic, I think). What is the traffic which I should
>enable on the incoming interface of my router to allow only VPN to work?
>
>
>User-------------->(Router)--------{concentrator }
>
>
>thanks
>



This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:53 GMT-3