Protocols 50 and 51 with Linksys router

Posted on 2003-12-08
Medium Priority
Last Modified: 2016-10-12
Is a BEFSR11 Linksys router capable of letting in Protocols 50 and 51?
I am under the understanding that Protocols and ports are 2 different things.
I would not set up port 50 and 51 to be forwarded. Am I correct?
I called Linksys but the person I was talking to kept insisting they were port numbers.
I guess it's too much to ask Linksys tech support to know their product.
Question by:pauls681
LVL 33

Expert Comment

ID: 9899137
To answer the difference between port and protocol

  Protocol - When data is being transmitted between two or more devices something needs to govern the controls that keep this data intact. A formal description of message formats and the rules two computers must follow to exchange those messages. Protocols can describe low-level details of machine-to-machine interfaces (e.g., the order in which bits and bytes are sent across wire) or high-level exchanges between application programs (e.g., the way in which two programs transfer a file across the Internet). [San Diego State University]

Ports are used by the TCP/IP suite of protocols to establish a basis and consensus on standard applications. For example, DNS runs on TCP port 53.

So, when you say you need 50 and 51 open, most likely it's either UDP or TCP ports 50 and 51. So the Linksys tech guy was correct, sorry.

The Linksys routers can forward these ports to a static internal address. Follow these instructions:
Port forwarding is a method that allows you to run a server behind the router. Port Forwarding opens a specific port to a computer behind the router, allowing all Incoming Traffic on that port to be sent directly to that server. It should be used to set up servers behind the router.
 Port Triggering (KB10934316) is a better choice for non-server applications (such as instant messengers and game servers).
 Below is an example of how to set up Port Forwarding. For our example, we will be setting an FTP Server and a Mail Server that uses SMTP and POP3.
 FTP uses ports:  20 and 21  
 SMTP uses port: 25  
 POP3 uses port: 110  
 Getting Started  
 1. You must set a static IP address on the server. If you are unsure of how to do this, please see Article KB10934010 for information on setting a static IP address in Windows.
 2. Once the static IP address has been assigned to the server, open a web browser and type in the IP address of the router into the browser address bar ( is the default IP of Linksys routers).
 3. When the username and password prompt appears, skip the username field and type admin for the password. Click OK or press the [Enter] key to load the router's "Setup" page. If you have changed the password, use it to access the router's "Setup" page when this prompt appears.
 Note: If you have forgotten the IP address or the password of the router (if either was changed), you must reset the router to factory defaults by holding in the Reset button on the router for 30 seconds.
 4. Click on the Advanced tab on the upper right corner. Once the new page appears, click on the Forwarding tab.
 5. You will need to input entries into the first three lines of this Forwarding table.
 For example:  
Customized Applications
 Ext. Port
 IP Address  
FTP 20 to 21 Both CHECK
SMTP 25 to 25 Both CHECK
POP3 110 to 110 TCP CHECK
 Customized Applications:  A name you choose to name what the ports will be used for.
Ext. Port:  The external range of ports of the application that will be used.
Protocol:  The protocols that the application will use, TCP, UDP, or Both.  May be chosen with checkboxes or a drop-down menu depending on firmware version.
IP Address:  The static IP address of the server computer.  This IP address was set in Step 1.

 Good Luck

Author Comment

ID: 9899740
If protocol 50 and 51 are the same as ports then why don't they call them ports?????
It specifically states open port xxx and protocols 50 and 51. If it means port then why call them protocols?? I know Protocols and ports are not the same.
I don't believe your answer is correct.
Does anyone else have any input or can verify the above explanation?
LVL 79

Accepted Solution

lrmoore earned 200 total points
ID: 9900395
My 2 cents for what it's worth...

Generally speaking, you are correct that protocols do not equal ports. Example:
GRE as a protocol has no concept of ports.
However, in this case, Protocol 50 and 51 are the well-known port numbers assigned to the
Authentication Header and Encapsulating Security Payload components of the IPSec protocol.
ESP = 50, AH = 51
In a Cisco access-list I have the option of using "esp" or "tcp port 50", i.e.
access-list xyz permit esp host a.b.c.d host c.f.g.h
access-list xyz permit tcp host a.b.c.d eq 50 host c.f.g.h eq 50

The official IANA port numbers listing has a different use for tcp/udp ports 50/51:
re-mail-ck       50/tcp    Remote Mail Checking Protocol
re-mail-ck       50/udp    Remote Mail Checking Protocol
la-maint         51/tcp    IMP Logical Address Maintenance
la-maint         51/udp    IMP Logical Address Maintenance

While the official IANA protocol-number list is clear, yet even the RFCs are not clear on the ports used...
50     ESP         Encap Security Payload for IPv6   [RFC2406]
51     AH          Authentication Header for IPv6    [RFC2402]

Since the Linksys doesn't have quite that much intelligence to recognize different protocols, they have given you the ability to enable/disable IPSEC and PPTP "passthrough", but that is generally for outbound. If you set up an inside host as a "dmz" host on the Linksys, then it will certainly pass IPSEC through to it. You can also enable port forwarding and forward TCP port 50 and 51 to an internal host. However, AH does not work through NAT, period, so you'll be out of luck at that point anyway.

If you're using a VPN client with ISAKMP, you'll also need to forward UDP port 500 for ISAKMP.
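
As an added illustration (not part of the original thread or any poster's code), this Python sketch reads the protocol field of an IPv4 header and applies a router-style port-forwarding rule to constructed packets, showing where protocol numbers 50/51 and TCP/UDP port numbers sit in a packet. The function names, rule dictionaries and sample addresses are assumptions made for the example.

```python
import struct

# IANA IP protocol numbers relevant to the thread (ESP = 50, AH = 51).
IP_PROTOCOLS = {6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}


def parse_ipv4(packet: bytes) -> dict:
    """Return the IP protocol number and, only for TCP/UDP, the destination port."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or (packet[0] & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]                     # the 'Protocol' field: 6, 17, 50, 51, ...
    info = {"proto": proto, "name": IP_PROTOCOLS.get(proto, str(proto)), "dport": None}
    if proto in (6, 17) and len(packet) >= ihl + 4:
        # Only TCP and UDP start with source/destination port fields.
        info["dport"] = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return info


def forward_rule_matches(rule: dict, packet: bytes) -> bool:
    """Apply a port-forwarding rule (TCP, UDP or Both plus a port range) to a packet."""
    info = parse_ipv4(packet)
    allowed = {"TCP": {6}, "UDP": {17}, "Both": {6, 17}}[rule["protocol"]]
    if info["proto"] not in allowed or info["dport"] is None:
        return False                      # ESP/AH carry no port field to compare
    return rule["first"] <= info["dport"] <= rule["last"]


def build_packet(proto: int, payload: bytes) -> bytes:
    """Constructed sample: minimal IPv4 header (checksum left 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([203, 0, 113, 5]), bytes([192, 168, 1, 10]))
    return header + payload


# Constructed sample traffic (made-up addresses, dummy payloads).
SAMPLES = {
    "esp": build_packet(50, struct.pack("!II", 0x1000, 1) + b"\x00" * 16),   # SPI, seq
    "ah": build_packet(51, struct.pack("!BBHII", 6, 4, 0, 0x2000, 1) + b"\x00" * 12),
    "tcp50": build_packet(6, struct.pack("!HH", 40000, 50) + b"\x00" * 16),
    "isakmp": build_packet(17, struct.pack("!HHHH", 500, 500, 8, 0)),
}
RULE_50_51 = {"protocol": "Both", "first": 50, "last": 51}   # 'forward ports 50-51'
RULE_IKE = {"protocol": "UDP", "first": 500, "last": 500}    # UDP 500 for ISAKMP

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, parse_ipv4(pkt), forward_rule_matches(RULE_50_51, pkt))
```

In this model a rule for ports 50 to 51 matches the TCP segment addressed to port 50, while the ESP and AH packets are identified only by the protocol byte of the IP header.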


Author Comment

ID: 9900486
Ok, thanks for the response
So as it looks to me we should be able to make this work with the linksys.
That was a much better explanation than I got from the Linksys folks.

Author Comment

ID: 9903889
One more question on DMZ Host.
Isn't it risky to set up a DMZ host?
LVL 79

Expert Comment

ID: 9904044
Of course it is risky. Make sure you have at least a good host-based software firewall on it...

Author Comment

ID: 9904085
So if I need to set up a DMZ host I should look into a software firewall for that system.
Actually if we have to set up a DMZ host to make this work we will most likely be looking for
a better router/firewall.
LVL 79

Expert Comment

ID: 9904111
I would prefer getting a better router/firewall. One that will terminate the VPN on itself so that you don't have to open up an inside host...
LVL 79

Expert Comment

ID: 9904120
Instead of a router (I'm assuming broadband connection), you might look at something like the PIX 501 firewall...

Author Comment

ID: 9904127
That is what I am going to recommend.
Thanks for your help.

Expert Comment

by:T P
ID: 41839866
I need to have a Windows 2012 server behind a router's LAN. I want to connect remote devices via IPSec/L2TP PSK to the win2012server.

Anyone know which router has built in IP Protocol 50 and 51 for this purpose? I tried a Netgear, a Cisco RV180W, same stupid error 'encountered an error on security layer of negotiation' - sort of filtering or unable to process key exchange. On Cisco I enabled the IKE and passthrough, but that's as client outbound from LAN not the other way around, to a server inside LAN.

Any tip on which router can do it, within a reasonable price range for a small office (not, say, Cisco 1941W)... Appreciate any help.

