Solved

Ports needed to be opened

Posted on 2007-11-20
3
631 Views
Last Modified: 2008-04-28
I am planning on deploying a SonicWall TZ150 to create an IPSec VPN and would like to know what ports need to be opened on a firewall to allow the VPN to connect. I am installing this solution on a Government facility and need to reqest the correct ports to be opened. I tried to install the device on the network last week and it would not connect. It would allow communication through port 80 but it looked like the problem was UPD port 500 but I want to make sure what ports I need to request to be opened.
0
Comment
Question by:tparus
  • 2
3 Comments
 
LVL 15

Expert Comment

by:getzjd
Comment Utility
you are using the tz150 as an endpoint?  If so, just check the box "enable VPN" and configure the vpn.

Or is there an endpoint behind the tz150?
0
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 500 total points
Comment Utility
I don't know about the particular device you are using, but for IPsec VPNs to work you need the following:

IPsec generally needs UDP 500 for IKE (Internet Key Exchange).  You will also need AH (Authentication Header) and ESP (Encapsulated Security Payload) IP protocols to be allowed (51 and 50).  You may also need IPsec NAT-T which is UDP 4500.

Finally, it is often necessary to allow fragmented IP packets, as encrypted packets are often big.

0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Thanks for the points :)
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now