
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

IPsec Firewall

From AAISP Support Site
Page created by AA-Andrew.
Revision as of 14:51, 26 June 2015

If there is no NAT involved, you need UDP port 500 for the IKE control channel and IP protocol 50 (ESP) for the data channel. ESP is its own IP protocol, not a TCP or UDP port, so the firewall rule for it has to match on the protocol number rather than on a port.

If NAT has been detected, or you force IKE to believe NAT is present (see below), you need UDP port 4500 only: IKE moves to port 4500 and the ESP packets are encapsulated in UDP on that same port, so there is no need to allow protocol ESP. You may still need UDP port 500 as well, to allow the initial contact to be made, because NAT detection happens in the first IKE exchange on port 500; as soon as NAT is detected (or it has been forced) IKE switches to 4500.
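To make the two cases above concrete, here is an added example (not code from this page, and not FireBrick's own implementation) that models the firewall openings described and shows what a receiver actually sees on UDP 4500 once NAT traversal is in use. The protocol numbers, the 4-byte non-ESP marker and the one-byte keepalive come from RFC 3948 and RFC 7296; the function names, the permit() policy and the sample datagrams are constructed for this example.

```python
"""Added example, not code from the AAISP page or from FireBrick: a small model
of the firewall openings the page describes and of the traffic seen on UDP 4500
once NAT traversal (RFC 3948) is in use. Protocol numbers and NAT-T framing are
from the RFCs; the sample datagrams below are constructed for this example."""
import struct
from typing import Optional, Set, Tuple

PROTO_UDP = 17
PROTO_ESP = 50            # IP protocol number of ESP, the data channel
IKE_PORT = 500            # IKE control channel (UDP)
NAT_T_PORT = 4500         # IKE plus UDP-encapsulated ESP once NAT is detected/forced

NON_ESP_MARKER = b"\x00\x00\x00\x00"   # RFC 3948 s.2.2: IKE on 4500 is prefixed with this
NAT_KEEPALIVE = b"\xff"                # RFC 3948 s.2.3: one-byte NAT keepalive
IKE_HDR = struct.Struct("!QQBBBBII")   # RFC 7296 s.3.1 fixed header, 28 bytes

Opening = Tuple[int, Optional[int]]    # (ip protocol, udp destination port or None)


def required_openings(nat_traversal: bool) -> Set[Opening]:
    """Inbound openings the page calls for. Without NAT: UDP/500 and protocol 50.
    With NAT detected or forced: UDP/4500, plus UDP/500 for the first contact."""
    openings = {(PROTO_UDP, IKE_PORT)}
    openings.add((PROTO_UDP, NAT_T_PORT) if nat_traversal else (PROTO_ESP, None))
    return openings


def classify_udp4500(payload: bytes) -> str:
    """Return 'keepalive', 'ike' or 'esp' for a datagram on UDP/4500 (RFC 3948).
    The receiver, not the port, tells IKE and ESP apart: IKE carries a 4-byte
    zero marker where ESP would have its SPI, and SPI 0 is reserved."""
    if payload == NAT_KEEPALIVE:
        return "keepalive"
    if len(payload) < 4:
        raise ValueError("too short for NAT-T")
    if payload[:4] == NON_ESP_MARKER:
        return "ike"
    return "esp"


def esp_spi(payload: bytes) -> int:
    """SPI of a UDP-encapsulated ESP datagram (first 4 bytes of the ESP header)."""
    if classify_udp4500(payload) != "esp":
        raise ValueError("not ESP")
    return struct.unpack("!I", payload[:4])[0]


def ike_header(payload: bytes) -> dict:
    """Parse the IKEv2 fixed header behind the non-ESP marker; reject a header
    whose version or length field does not match what is on the wire."""
    if classify_udp4500(payload) != "ike":
        raise ValueError("not IKE")
    body = payload[4:]
    if len(body) < IKE_HDR.size:
        raise ValueError("truncated IKE header")
    spi_i, spi_r, _nxt, ver, exch, flags, msg_id, length = IKE_HDR.unpack(body[:IKE_HDR.size])
    if ver >> 4 != 2:
        raise ValueError("not IKEv2")
    if length != len(body):
        raise ValueError("IKE length field disagrees with datagram")
    return {"spi_i": spi_i, "spi_r": spi_r, "exchange": exch,
            "initiator": bool(flags & 0x08), "msg_id": msg_id}


def permit(proto: int, dport: Optional[int], payload: bytes, nat_traversal: bool) -> bool:
    """Stateless check of one inbound packet against the openings above; on
    UDP/4500 a datagram that is neither keepalive, IKE nor ESP framing is dropped."""
    key: Opening = (proto, dport if proto == PROTO_UDP else None)
    if key not in required_openings(nat_traversal):
        return False
    if key == (PROTO_UDP, NAT_T_PORT):
        try:
            classify_udp4500(payload)
        except ValueError:
            return False
    return True


# Constructed samples: an IKE_SA_INIT request (exchange type 34, header only) on
# 4500, and an ESP datagram with SPI 0x12345678, sequence 1 and 16 opaque bytes.
SAMPLE_IKE = NON_ESP_MARKER + IKE_HDR.pack(0x1122334455667788, 0, 33, 0x20, 34, 0x08, 0, IKE_HDR.size)
SAMPLE_ESP = struct.pack("!II", 0x12345678, 1) + b"\xde\xad\xbe\xef" * 4

if __name__ == "__main__":
    for name, pkt in (("IKE", SAMPLE_IKE), ("ESP", SAMPLE_ESP), ("keepalive", NAT_KEEPALIVE)):
        print(name, "->", classify_udp4500(pkt))
    print("no NAT:", sorted(required_openings(False), key=str))
    print("NAT-T :", sorted(required_openings(True), key=str))
```

The point a firewall operator should take from classify_udp4500() is that once NAT-T is in use the port alone tells you nothing about whether a datagram is control traffic or tunnel data; anything that inspects IPsec (a stateful firewall, an IDS, or a rate limit on IKE) has to look at the first four bytes of the UDP payload.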

The config option force-NAT (note the capitalisation) can be used to force IKE to treat the connection as if it were NATed, so that everything runs over UDP port 4500 even when no NAT is in the path; this is useful where an intermediate firewall only passes UDP. It lives in the top-level ipsec-ike config item, and you need "Show all" selected in the web UI to see it.