
What port numbers and type (TCP or UDP) do I need to open for VPN


Spin

Sep 16, 2004, 6:58:26 PM
Gurus,

What port numbers and type (TCP or UDP) do I need to open up on my Linksys
Firewall/Router so that I can VPN into a computer sitting behind my
Firewall/Router. I know how to do port-forwarding, I just need the VPN port
numbers and type.

--
Regards,
Spin


Steve Bruce, mct

Sep 16, 2004, 7:36:10 PM
It's not as simple as port forwarding. If you want to connect to a pptp
server behind a NAT router, the router has to actively support pptp server
publishing. If your router does not have that feature, it isn't going to
work. Same for IPSec.

Normally the PPTP or IPSec tunnel endpoints are on the public interface, not
inside NAT.


"Spin" <sp...@spin.com> wrote in message
news:2quk4oF...@uni-berlin.de...

Steven L Umbach

Sep 16, 2004, 11:01:25 PM
I assume you will be using pptp unless you are using Windows 2003 Server as a VPN
server and have the NAT-T client installed on the VPN client machines which would
also need computer certificates for l2tp. If that is correct you need to port forward
port 1723 TCP to your VPN server/computer accepting inbound and allow protocol
47/gre. I believe Linksys has an option to enable pptp passthrough which enables
protocol 47 access. I also suggest you configure the VPN client connectoid properties
to use pptp in network type instead of auto if available. Windows 2000 for instance
will try l2tp first if auto is selected. --- Steve


"Spin" <sp...@spin.com> wrote in message news:2quk4oF...@uni-berlin.de...

Jetro

Sep 16, 2004, 11:31:45 PM
If you have VPN connections using PPTP, you will need to allow TCP port 1723
and IP protocol port 47 to pass through your firewall. If you are using
L2TP/IPSec, you will need UDP port 500 and IP protocol port 50 to pass
through the firewall. If you are using AH/ESP in your IPSec policies, you
will also need IP protocol port 51 to pass.

Doubtful that any SOHO router supports the flexible rules for IP protocol.
One of my Linksys routers has just one radio button for IPSec pass-through
and another one for PPTP pass-through. Certainly this is not a firewall but
Swiss cheese.
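
Added example, not part of the original thread: a Python sketch that parses constructed IPv4 headers to show why the protocol 47 (GRE) and protocol 50 (ESP) traffic named in the posts above cannot be matched by a TCP/UDP port-forwarding rule alone. The port and protocol numbers are the ones given in the posts; the function names, sample addresses and sample packets are assumptions made for illustration.

```python
import struct

# Numbers quoted in the posts above: TCP 1723 + IP protocol 47 (GRE) for PPTP,
# UDP 500 + IP protocol 50 (ESP) for L2TP/IPSec, protocol 51 (AH) where used.
TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51
REQUIRED = {
    "pptp": [("tcp", 1723), ("proto", GRE)],
    "l2tp/ipsec": [("udp", 500), ("proto", ESP)],
}

def classify(packet: bytes):
    """Return the key a filter must match on for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # IP protocol field
    if proto in (TCP, UDP):
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        dport = struct.unpack_from("!H", packet, ihl + 2)[0]
        return ("tcp" if proto == TCP else "udp", dport)
    return ("proto", proto)               # GRE/ESP/AH have no port field

def missing_rules(vpn: str, allowed: set):
    """Flows the VPN type needs that the rule set does not pass."""
    return [rule for rule in REQUIRED[vpn] if rule not in allowed]

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at zero) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([203, 0, 113, 5]),
                       bytes([192, 168, 1, 10])) + payload

def ports(sport: int, dport: int) -> bytes:
    """First four bytes of a TCP or UDP header."""
    return struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    forward_only = {("tcp", 1723)}        # a plain port forward, nothing else
    samples = [ipv4(TCP, ports(40000, 1723)),        # PPTP control channel
               ipv4(GRE, b"\x30\x01\x88\x0b"),       # PPTP tunnelled data
               ipv4(UDP, ports(500, 500))]           # IKE
    for pkt in samples:
        key = classify(pkt)
        print(key, "passes" if key in forward_only else "dropped")
    print("PPTP still needs:", missing_rules("pptp", forward_only))
```
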


Jetro

Sep 17, 2004, 1:37:34 PM
I prefer to know what's going on behind the curtain and keep my hands dirty.
Anyway, a SOHO "router" is neither a router nor a firewall, as you are perfectly
aware :) and isn't too configurable; that was my point as always.


Jetro

Sep 17, 2004, 5:12:12 PM
I would agree with the 'light-weight' definition if you mean 'one-way' or
'input/inbound only'.


Jetro

Sep 17, 2004, 7:27:06 PM
Sorry if I am boring you.
I don't care if Cisco or MS or anyone else invents new definitions for the
old matter or marketing purposes every day and I wouldn't refer to the
/firewall/ word as slang. Certainly it could be a slang word in some
closed communities of certificate holders :o) but Firewall is "any thing"
used to block unsolicited traffic like a real fire wall blocks a real fire,
i.e. both ways, otherwise this is not a firewall but an imitation and
forgery.

