If you are setting up an IPSec connection, then there IS a service group you can specify.
I believe GRE (IP protocol 47) is also included. Depending on your IPSec setup you may not need to allow all of the protocols/ports included in "IPSec" service group, but it makes for a more readable policy.
You probably need to pass IKE (UDP/500), ESP (IP protocol 50), and AH (IP protocol 51). There's likely also some CP specific names for this stuff, and maybe even a service group representing all of them, but I don't have a CP system to look on right now.
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question:
I recommend: delete or split points. Both experts have valuable information
if there is any objection or other expert commentary to this recommendation then please post in here within 7 days.
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. http://www.experts-exchange.com/Community_Support/
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
thanks,
lrmoore
EE Cleanup Volunteer
---------------------
0
SpideyModCommented:
Split
SpideyMod
Community Support Moderator @Experts Exchange
I believe GRE (IP protocol 47) is also included. Depending on your IPSec setup you may not need to allow all of the protocols/ports included in "IPSec" service group, but it makes for a more readable policy.