RE: How to allow VPN traffic

From: Koen Peetermans (K.Peetermans@chello.be)
Date: Wed Jun 30 2004 - 08:12:08 GMT-3


Hi,

I don't think AH (IP Protocol 51) is used/possible on the concentrator,
so allowing UDP 500 (IKE) and ESP (IP 50) would be sufficient for standard
IPsec.

Remember if you are doing NAT-T, you would also need to allow UDP 4500.

And if you are using TCP encapsulation on the concentrator then you would
need to add that port too.

(Proprietary UDP encapsulation is also possible, but since NAT-T was
released I don't see any reason to use it anymore, albeit nostalgia ;-))

Kind regards,

Koen.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Richard Dumoulin
Sent: Wednesday, 30 June 2004 12:53
To: Security Candidate; ccielab@groupstudy.com; security@groupstudy.com
Subject: RE: How to allow VPN traffic

I think you need the following:

Udp 500
Ip 50
Ip 51

--Richard

-----Original Message-----
From: Security Candidate [mailto:doubleccie@yahoo.com]
Sent: Wednesday, 30 June 2004 12:42
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: How to allow VPN traffic

Folks,
I want to allow outside users of my network to get access to the inside VPN
concentrator (IPsec traffic, I think). What traffic should I
enable on the incoming interface of my router to allow only VPN to work?

User-------------->(Router)--------{concentrator }

thanks
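
The permits discussed in this thread, written as an inbound Cisco IOS extended ACL. This is an added example, not configuration posted by anyone in the thread. The ACL name, the address 192.0.2.10 (standing in for the concentrator) and the interface name are assumptions.

```cisco
! Constructed example: 192.0.2.10 is a placeholder for the concentrator address,
! GigabitEthernet0/0 is a placeholder for the router's outside interface.
ip access-list extended OUTSIDE-IN-VPN
 remark IKE (UDP 500)
 permit udp any host 192.0.2.10 eq isakmp
 remark ESP (IP protocol 50)
 permit esp any host 192.0.2.10
 remark NAT-T (UDP 4500), needed only when NAT-T is enabled
 permit udp any host 192.0.2.10 eq non500-isakmp
 remark AH (IP 51) only if in use: permit ahp any host 192.0.2.10
 remark TCP encapsulation only if enabled: permit tcp to the configured port
 remark Everything else is dropped and logged
 deny ip any any log
!
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN-VPN in
```

The final deny drops all other inbound traffic on that interface, which matches the "only VPN" requirement in the question; the log keyword makes rejected attempts visible in the router's syslog.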




This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:53 GMT-3