Nortel vpn and reflexive ACL

Posted on 2008-11-11
Last Modified: 2012-06-27
I've never used Nortel vpn, but have some familiarity with Cisco vpn. I need to make sure that a visitor on Friday will be able to use Nortel vpn from my office to remote desktop to a computer in his office. While I'm not concerned with connectivity at the other end, I want to make sure I have the necessary ports open at my end. Does all traffic over the Nortel vpn use the same port, or does port usage follow standard protocol/port mappings? If Nortel is over 500 udp (both ends), does port 3389 need to be opened for RDP? Are there any other ports that need to be opened? Thanks.
Question by:cathyn
    LVL 32

    Accepted Solution

    I do not think you would need to open any specific ports for Nortel VPN as long as other VPN clients work when behind your network; in principle, all IPsec VPN implementations use UDP 500 for IKE and IP protocol 50/51 for ESP/AH; further, they might also use UDP 4500 for NAT traversal.
    If the data is encrypted over the VPN tunnel and then sent to the internet, then you need not open port 3389. In any case, if you have all ports or all commonly used ports allowed from inside to outside, you would not have any problem at all.
    Your firewall, if it is stateful, would take care of the traffic which comes back as a response to the traffic which has gone out.

    Thank you.
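    The accepted answer makes three claims that are easy to check in a model: the site firewall only ever sees the IPsec outer headers (UDP 500 for IKE, IP protocol 50/51 for ESP/AH, UDP 4500 when NAT-T is in use), the RDP session on TCP 3389 rides inside that envelope and never needs its own rule, and a stateful (reflexive) egress policy admits the return traffic by itself. The following is an added example, not code from the thread or from any Nortel or Cisco product: a toy egress firewall with reflexive entries, fed constructed packets. All addresses, the ephemeral port 50123, and the class and function names are assumptions made for the demonstration; only the protocol numbers and well-known ports are standard.

```python
"""Toy reflexive-ACL firewall showing what an egress filter sees when a
visitor's IPsec VPN client carries an RDP session.  Added example; the
addresses, ports other than the standard ones, and names are constructed."""

from dataclasses import dataclass
from typing import Optional

IKE_PORT, NATT_PORT, RDP_PORT = 500, 4500, 3389          # standard ports
PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 6, 17, 50, 51  # IANA protocol numbers


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None            # None for port-less protocols (ESP/AH)
    dport: Optional[int] = None
    inner: Optional["Packet"] = None       # payload inside ESP; the firewall never inspects it


def encapsulate_esp(inner: Packet, outer_src: str, outer_dst: str, nat_t: bool) -> Packet:
    """Wrap a cleartext packet in a tunnel-mode ESP envelope; with NAT-T the
    ESP packet is itself carried in UDP 4500 -> 4500."""
    if nat_t:
        return Packet(outer_src, outer_dst, PROTO_UDP, NATT_PORT, NATT_PORT, inner)
    return Packet(outer_src, outer_dst, PROTO_ESP, None, None, inner)


class ReflexiveFirewall:
    """Static outbound permits; every permitted outbound packet leaves a
    reflected entry that admits only its mirror-image return packet.
    Simplification: real devices age entries out and differ in whether
    port-less protocols such as ESP are reflected at all."""

    def __init__(self, outbound_rules):
        self.outbound_rules = outbound_rules   # list of (proto, dport-or-None)
        self.reflected = set()

    def egress(self, pkt: Packet) -> bool:
        for proto, dport in self.outbound_rules:
            if pkt.proto == proto and (dport is None or pkt.dport == dport):
                # store the 5-tuple already swapped so ingress is a plain lookup
                self.reflected.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
                return True
        return False

    def ingress(self, pkt: Packet) -> bool:
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.reflected


def demo() -> dict:
    """Run the scenario from the thread: IPsec permitted outbound, no TCP 3389 rule."""
    fw = ReflexiveFirewall([(PROTO_UDP, IKE_PORT), (PROTO_UDP, NATT_PORT),
                            (PROTO_ESP, None), (PROTO_AH, None)])
    visitor, gateway = "203.0.113.7", "198.51.100.9"        # constructed public addresses
    results = {}

    # Phase 1: IKE negotiation on UDP 500, reply admitted by the reflected entry
    results["ike_out"] = fw.egress(Packet(visitor, gateway, PROTO_UDP, IKE_PORT, IKE_PORT))
    results["ike_reply"] = fw.ingress(Packet(gateway, visitor, PROTO_UDP, IKE_PORT, IKE_PORT))

    # Phase 2: RDP inside the tunnel.  Inner addresses are the VPN-assigned and
    # remote-office hosts (constructed); the firewall only sees the ESP outer header.
    rdp = Packet("10.0.0.5", "192.168.1.10", PROTO_TCP, 50123, RDP_PORT)
    rdp_reply = Packet("192.168.1.10", "10.0.0.5", PROTO_TCP, RDP_PORT, 50123)
    results["rdp_in_tunnel_out"] = fw.egress(encapsulate_esp(rdp, visitor, gateway, nat_t=False))
    results["esp_reply"] = fw.ingress(encapsulate_esp(rdp_reply, gateway, visitor, nat_t=False))

    # Same session when the client detects NAT and switches to UDP 4500 encapsulation
    results["natt_out"] = fw.egress(encapsulate_esp(rdp, visitor, gateway, nat_t=True))
    results["natt_reply"] = fw.ingress(encapsulate_esp(rdp_reply, gateway, visitor, nat_t=True))

    # Negative cases: cleartext RDP leaving the site has no rule, and an ESP packet
    # from a host we never talked to has no reflected entry
    results["rdp_cleartext_out"] = fw.egress(rdp)
    results["unsolicited_esp_in"] = fw.ingress(Packet("192.0.2.44", visitor, PROTO_ESP))
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:20s} {'permit' if allowed else 'deny'}")
```

    The point to take from the negative cases is that a TCP 3389 egress rule would only matter if RDP left the site in the clear; inside the tunnel it is invisible to the filter. The one caveat worth checking on real hardware is the port-less reflection: confirm that your particular firewall does create return-state for IP protocol 50 (or force NAT-T so the tunnel runs over UDP 4500, which every stateful device tracks).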
    LVL 1

    Author Comment

    The Cisco vpn works, so it sounds like Nortel should as well. Thanks for verifying that the traffic stays within the vpn tunnel.
    LVL 32

    Expert Comment

    You are welcome; please update the post if you need more details.

    Thank you.
    LVL 1

    Author Closing Comment

    Test performed as expected!  Thanks!
