Nortel vpn and reflexive ACL

I've never used Nortel vpn, but have some familiarity with Cisco vpn.  I need to make sure that a visitor on Friday will be able to use Nortel vpn from my office to remote desktop to a computer in his office.   While I'm not concerned with connectivity at the other end, I want to make sure I have the necessary ports open at my end.   Does all traffic over the Nortel vpn use the same port or does port usage follow standard protocol/port mappings?  If Nortel is over 500 udp (both ends), does port 3389 need to be opened for RDP?  Are there any other ports that need to be opened?   Thanks.
cathyn asked:

dpk_wal commented:
I do not think you would need to open any specific ports for Nortel VPN as long as other VPN clients work from behind your network; in principle, all IPsec VPN implementations use UDP 500 for IKE and protocol 50/51 for ESP/AH; further, they might also use UDP 4500 for NAT traversal.
If the data is encrypted over the VPN tunnel and then sent to the internet, then you need not open port 3389; in any case, if you have all ports or all commonly used ports allowed from inside to outside, then you would not have any problem at all.
Your firewall, if it is stateful, would take care of the traffic which comes back as a response to the traffic which has gone out.

Thank you.
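
The behaviour described in the answer above, as an added example that is not part of the original thread: a simplified Python model of a reflexive (return-traffic) ACL at the office border, showing which replies to an IPsec client are let back in and why TCP 3389 never needs a rule. The class, function names and addresses are constructed for illustration and do not reproduce any vendor's implementation.

```python
# Simplified model of a reflexive (return-traffic) ACL; illustration only.
from typing import NamedTuple, Optional

TCP, UDP, ESP = 6, 17, 50   # IANA IP protocol numbers (AH would be 51)

class Packet(NamedTuple):
    proto: int
    src: str
    sport: Optional[int]    # None for port-less protocols such as ESP/AH
    dst: str
    dport: Optional[int]

class ReflexiveAcl:
    def __init__(self):
        self.reflected = set()   # mirrored entries created by outbound traffic

    def outbound(self, p: Packet) -> None:
        # Inside-to-outside is permitted; record the mirror image for the reply.
        self.reflected.add(Packet(p.proto, p.dst, p.dport, p.src, p.sport))

    def inbound_permitted(self, p: Packet) -> bool:
        # Outside-to-inside passes only if it mirrors something that went out.
        return p in self.reflected

def check_replies():
    # Constructed addresses from the RFC 5737 documentation ranges.
    client, gw, other = "192.0.2.10", "198.51.100.1", "203.0.113.5"
    acl = ReflexiveAcl()
    # What the border sees from the VPN client: IKE, NAT-T and ESP.
    # The RDP session to TCP 3389 rides inside the tunnel, so it never
    # appears at the border as its own flow.
    acl.outbound(Packet(UDP, client, 500, gw, 500))
    acl.outbound(Packet(UDP, client, 4500, gw, 4500))
    acl.outbound(Packet(ESP, client, None, gw, None))
    return {
        "ike_reply": acl.inbound_permitted(Packet(UDP, gw, 500, client, 500)),
        "natt_reply": acl.inbound_permitted(Packet(UDP, gw, 4500, client, 4500)),
        "esp_reply": acl.inbound_permitted(Packet(ESP, gw, None, client, None)),
        "unsolicited_rdp": acl.inbound_permitted(Packet(TCP, gw, 51000, client, 3389)),
        "esp_from_other_host": acl.inbound_permitted(Packet(ESP, other, None, client, None)),
    }

if __name__ == "__main__":
    for name, ok in check_replies().items():
        print(f"{name:20} {'permit' if ok else 'deny'}")
```

ESP has no port numbers, so the reflected entry in this model matches on protocol and address pair only; when NAT traversal is in use, ESP is carried inside UDP 4500 and only the UDP entries matter.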
cathyn (author) commented:
The Cisco vpn works, so sounds like Nortel should as well.   Thanks for verifying that the traffic stays within the vpn tunnel.  
dpk_wal commented:
You are welcome; please update the post if you need more details.

Thank you.
cathyn (author) commented:
Test performed as expected!  Thanks!