IPsec Firewall: Difference between revisions

<indicator name="Tunnels">[[File:FBimgtunnel.svg|link=:Category:FireBrick_Tunnels|30px|Back up to the FireBrick Tunnels Category Page]]</indicator>
If there is no NAT involved, you need UDP port 500 for the IKE control channel, and IP protocol 50 (ESP) for the data channel.

If NAT has been detected, or you force IKE to believe NAT is present (see below), you need UDP port 4500 only (no need for protocol ESP). You may need UDP port 500 too, to allow the initial contact to be made; as soon as NAT is detected (or it has been forced) IKE switches to 4500.
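The two cases above, as an added example that is not from this wiki page or from FireBrick's own configuration: a small shell function that emits the minimal nftables input rules for each case, so that ESP is only opened when it is actually needed (no NAT) and only UDP 4500 is added when NAT-T is in use. The `inet filter` table, the default-drop policy, and the `nonat`/`nat` mode names are assumptions.

```sh
#!/bin/sh
# Added example, not FireBrick configuration. Prints a minimal nftables
# rule set for IPsec, following the port rules described above.
# Table/chain names and the drop policy are assumptions.

ipsec_rules() {
    # $1 is "nonat" (no NAT on the path) or "nat" (NAT detected, or IKE
    # forced to assume NAT is present)
    mode="$1"
    echo "table inet filter {"
    echo "  chain input {"
    echo "    type filter hook input priority 0; policy drop;"
    echo "    ct state established,related accept"
    # IKE control channel: UDP 500 is needed for the initial contact in
    # both cases, so it is always opened.
    echo "    udp dport 500 accept"
    case "$mode" in
        nonat)
            # Data channel without NAT: raw ESP, IP protocol 50
            echo "    meta l4proto esp accept"
            ;;
        nat)
            # NAT-T: IKE and UDP-encapsulated ESP both move to UDP 4500,
            # so no ESP rule is added at all.
            echo "    udp dport 4500 accept"
            ;;
        *)
            echo "usage: ipsec_rules nonat|nat" >&2
            return 1
            ;;
    esac
    echo "  }"
    echo "}"
}

# Helpers used to check the generated rule set.
needs_esp()   { ipsec_rules "$1" | grep -q 'l4proto esp accept'; }
allows_4500() { ipsec_rules "$1" | grep -q 'udp dport 4500 accept'; }
```

Running `ipsec_rules nat` gives a rule set with UDP 500 and 4500 only; `ipsec_rules nonat` gives UDP 500 plus ESP. Keeping the two cases separate avoids the common over-permissive result of opening UDP 500, UDP 4500 and ESP everywhere regardless of whether NAT is actually on the path.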