
Protocols 50 and 51 with Linksys router

Posted on 2003-12-08
Last Modified: 2016-10-12
Is a BEFSR11 Linksys router capable of letting in Protocols 50 and 51?
I am under the understanding that Protocols and ports are 2 different things.
I would not set up port 50 and 51 to be forwarded. Am I correct?
I called Linksys but the person I was talking to kept insisting they were port numbers.
I guess it's too much to ask Linksys tech support to know their product.
0
Question by:pauls681
 
LVL 33

Expert Comment

by:MikeKane
ID: 9899137
To answer the difference between port and protocol

Protocol - When data is being transmitted between two or more devices something needs to govern the controls that keep this data intact. A formal description of message formats and the rules two computers must follow to exchange those messages. Protocols can describe low-level details of machine-to-machine interfaces (e.g., the order in which bits and bytes are sent across a wire) or high-level exchanges between application programs (e.g., the way in which two programs transfer a file across the Internet). [San Diego State University]

Ports are used by the TCP/IP suite of protocols to establish a basis and consensus on standard applications, such as DNS, which runs on TCP port 53.

So, when you say you need 50 and 51 open, most likely it's either UDP or TCP ports 50 and 51. So the Linksys tech guy was correct, sorry.

The Linksys routers can forward these ports to a static internal address. Follow these instructions:

Port forwarding is a method that allows you to run a server behind the router. Port Forwarding opens a specific port to a computer behind the router, allowing all Incoming Traffic on that port to be sent directly to that server. It should be used to set up servers behind the router.

Port Triggering (KB10934316) is a better choice for non-server applications (such as instant messengers and game servers).

Below is an example of how to set up Port Forwarding. For our example, we will be setting up an FTP Server and a Mail Server that uses SMTP and POP3.

FTP uses ports: 20 and 21
SMTP uses port: 25
POP3 uses port: 110

Getting Started

1. You must set a static IP address on the server. If you are unsure of how to do this, please see Article KB10934010 for information on setting a static IP address in Windows.

2. Once the static IP address has been assigned to the server, open a web browser and type in the IP address of the router into the browser address bar (192.168.1.1 is the default IP of Linksys routers).

3. When the username and password prompt appears, skip the username field and type admin for the password. Click OK or press the [Enter] key to load the router's "Setup" page. If you have changed the password, use it to access the router's "Setup" page when this prompt appears.

Note: If you have forgotten the IP address or the password of the router (if either was changed), you must reset the router to factory defaults by holding in the Reset button on the router for 30 seconds.

4. Click on the Advanced tab on the upper right corner. Once the new page appears, click on the Forwarding tab.

5. You will need to input entries into the first three lines of this Forwarding table.

For example:

Customized Applications   Ext. Port    Protocol   IP Address    Enable
FTP                       20 to 21     Both       192.168.1.3   CHECK
SMTP                      25 to 25     Both       192.168.1.3   CHECK
POP3                      110 to 110   TCP        192.168.1.3   CHECK

Customized Applications: A name you choose to name what the ports will be used for.
Ext. Port: The external range of ports of the application that will be used.
Protocol: The protocols that the application will use, TCP, UDP, or Both. May be chosen with checkboxes or a drop-down menu depending on firmware version.
IP Address: The static IP address of the server computer. This IP address was set in Step 1.

 Good Luck
0
 

Author Comment

by:pauls681
ID: 9899740
If protocol 50 and 51 are the same as ports then why don't they call them ports?????
It specifically states open port xxx and protocols 50 and 51. If it means port then why call them protocols?? I know Protocols and ports are not the same.
I don't believe your answer is correct.
Does anyone else have any input or can verify the above explanation.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 50 total points
ID: 9900395
My 2 cents for what it's worth...

Generally speaking, you are correct that protocols do not equal ports. Example: GRE as a protocol has no concept of ports.
However, in this case, Protocol 50 and 51 are the well known port numbers assigned to the Authentication Header and Encapsulating Security Payload components of the IPSec protocol.
ESP = 50, AH = 51
In a Cisco access-list I have the option of using "esp" or "tcp port 50", i.e.
access-list xyz permit esp host a.b.c.d host c.f.g.h
or
access-list xyz permit tcp host a.b.c.d eq 50 host c.f.g.h eq 50

The official IANA port numbers listing has a different use for tcp/udp ports 50/51:
re-mail-ck       50/tcp    Remote Mail Checking Protocol
re-mail-ck       50/udp    Remote Mail Checking Protocol
la-maint         51/tcp    IMP Logical Address Maintenance
la-maint         51/udp    IMP Logical Address Maintenance

While the official IANA protocol-number list is clear, yet even the RFCs are not clear on the ports used...
    50     ESP         Encap Security Payload for IPv6   [RFC2406]
    51     AH          Authentication Header for IPv6    [RFC2402]

Since the Linksys doesn't have quite that much intelligence to recognize different protocols, they have given you the ability to enable/disable IPSEC and PPTP "passthrough", but that is generally for outbound. If you set up an inside host as a "dmz" host on the Linksys, then it will certainly pass IPSEC through to it. You can also enable port forwarding and forward TCP port 50 and 51 to an internal host. However, AH does not work through NAT, period, so you'll be out of luck at that point anyway.

If you're using a VPN client with ISAKMP, you'll also need to forward UDP port 500 for ISAKMP.

0
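
An added illustration, not part of the original thread, of the port-versus-protocol distinction the question asks about: it reads the Protocol field of an IPv4 header and then extracts ports (TCP/UDP) or the SPI (ESP/AH), whichever the protocol actually carries. The names classify, ipv4 and SAMPLES and all packet bytes are constructed for this example.

```python
import struct

# IANA protocol numbers: the 8-bit "Protocol" field of the IPv4 header.
IP_PROTOCOLS = {6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP", 51: "AH"}

def classify(packet: bytes) -> dict:
    """Return the IP protocol and, where that protocol has them, ports or SPI."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                       # protocol number sits at byte offset 9
    payload = packet[ihl:]
    info = {"protocol": proto, "name": IP_PROTOCOLS.get(proto, "other")}
    if proto in (6, 17) and len(payload) >= 4:
        # Only TCP and UDP begin with source and destination port numbers.
        info["src_port"], info["dst_port"] = struct.unpack("!HH", payload[:4])
    elif proto == 50 and len(payload) >= 8:
        # ESP begins with a Security Parameters Index and a sequence number.
        info["spi"], info["seq"] = struct.unpack("!II", payload[:8])
    elif proto == 51 and len(payload) >= 12:
        # AH: next header, length, reserved, then SPI and sequence number.
        info["spi"], info["seq"] = struct.unpack("!II", payload[4:12])
    return info

def ipv4(proto: int, payload: bytes) -> bytes:
    """Wrap payload in a minimal IPv4 header (checksum left at 0; test data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 10]), bytes([192, 168, 1, 3]))
    return hdr + payload

# Constructed sample packets (addresses from documentation/private ranges).
SAMPLES = {
    "isakmp": ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0)),
    "esp":    ipv4(50, struct.pack("!II", 0x1000, 1) + b"\x00" * 16),
    "ah":     ipv4(51, struct.pack("!BBHII", 4, 4, 0, 0x2000, 7) + b"\x00" * 12),
    "tcp50":  ipv4(6, struct.pack("!HHIIHHHH", 40000, 50, 0, 0, 0x5002, 1024, 0, 0)),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, classify(pkt))
```

The "tcp50" and "esp" samples both involve the number 50, but the first is protocol 6 with destination port 50 and the second is protocol 50 with no port fields at all.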
 

Author Comment

by:pauls681
ID: 9900486
Ok, thanks for the response
So as it looks to me we should be able to make this work with the linksys.
That was a much better explanation than I got from the Linksys folks.
0
 

Author Comment

by:pauls681
ID: 9903889
One more question on DMZ Host.
Isn't it risky to set up a DMZ host?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9904044
Of course it is risky. Make sure you have at least a good host-based software firewall on it...
0
 

Author Comment

by:pauls681
ID: 9904085
So if I need to set up a DMZ host I should look into a software firewall for that system.
Actually if we have to set up a DMZ host to make this work we will most likely be looking for
a better router/firewall.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9904111
I would prefer getting a better router/firewall. One that will terminate the VPN on itself so that you don't have to open up an inside host...
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 9904120
Instead of a router (I'm assuming broadband connection), you might look at something like the PIX 501 firewall...
http://www.cisco.com/go/pix
0
 

Author Comment

by:pauls681
ID: 9904127
That is what I am going to recommend.
Thanks for your help.
0
 

Expert Comment

by:T P
ID: 41839866
I need to have a Windows 2012 server behind a router's LAN. I want to connect remote devices via IPSec/L2TP PSK to the win2012server.

Anyone know which router has built in IP Protocol 50 and 51 for this purpose? I tried a Netgear, a Cisco RV180W, same stupid error 'encountered an error on security layer of negotiation' - sort of filtering or unable to process key exchange. On Cisco I enabled the IKE and passthrough, but that's as client outbound from LAN not the other way around, to a server inside LAN.

Any tip on which router can do it, within a reasonable price range for a small office (not, say, Cisco 1941W)... appreciate any help.


Cheers
0
