Vyatta 5400 (IPSEC VPN Ports)

Mario Bernheim
Hi, what is the correct way to tell Vyatta the ports on an IPsec tunnel? We have to connect to a host that listens on two ports. Is it done with a space? Comma separated?

Example below:

tunnel 11 {
    allow-nat-networks disable
    allow-public-networks disable
    esp-group Our-Group-Their-Group-ESP
    local {
        prefix x.x.x.x/32
    }
    remote {
        port 7007,9005 (separate by comma? space? dash?)
        prefix x.x.x.x/32
    }
}

IPsec (or more precisely IKE) uses UDP:500 and can also use UDP:4500. Other parts of IPsec use different IP protocols (AH, ESP); these do not have ports associated with them.

It would be "unusual" for an IPsec VPN tunnel to be configured on different ports. I would suggest confirming with the other side what each port is used for. I wonder if these are the ports that they accept traffic on, rather than the ports used for IKE.

This page indicates that the port statement is only used in conjunction with "prefix", which would also suggest that it is used to define traffic rather than used for IKE.

Author

Commented:
Thank you. On these ports there are web services that we are going to be consuming; they are ports where they accept traffic.
The documentation I linked to previously uses the word "port" (which is singular), rather than "ports".

I would suggest checking with the other side to see if the VPN is required to be just for the specific ports, or if they can do an IP VPN (all ports and protocols) and just apply NAT and an allow ACL on the required ports.

Author

Commented:
I found the answer on StackPath, so they should be separated by a comma, like so: port 80,8080,9090

thanks!
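The thread settles two points: the "port" keyword under remote/prefix is a traffic selector (it decides which flows enter tunnel 11), not the port IKE runs on, and multiple ports are written comma separated. The following is an added example, not Vyatta's code and not posted by anyone in the thread. It models that selector lookup in Python: it parses a port list in the "80,8080,9090" form (dash ranges are accepted as an assumption, not documented Vyatta syntax), builds the tunnel from the question's config with RFC 5737 documentation addresses in place of x.x.x.x, matches flows in both directions, and keeps the VPN's own control traffic (IKE on UDP 500/4500, ESP/AH as IP protocols) separate from the selectors.

```python
import ipaddress
from dataclasses import dataclass

# Outer traffic between the two gateways. These never appear in a tunnel's
# local/remote selectors; they are what carries the tunnel.
IKE_UDP_PORTS = frozenset({500, 4500})   # IKE, and NAT-T (UDP-encapsulated ESP)
ESP_IP_PROTO = 50                        # ESP is an IP protocol: no ports
AH_IP_PROTO = 51                         # likewise AH


def parse_port_list(value):
    """Turn a 'port' value such as '7007,9005' into a frozenset of ints.

    None (no port statement) yields an empty set, meaning "any port".
    A dash range like '7000-7010' is accepted here as an assumption only.
    """
    if value is None:
        return frozenset()
    ports = set()
    for part in str(value).replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port spec: {part!r}")
        ports.update(range(lo, hi + 1))
    return frozenset(ports)


@dataclass(frozen=True)
class Tunnel:
    tunnel_id: int
    local_prefix: ipaddress.IPv4Network
    remote_prefix: ipaddress.IPv4Network
    local_ports: frozenset = frozenset()   # empty = any
    remote_ports: frozenset = frozenset()  # empty = any
    protocol: str = "all"                  # "all", "tcp" or "udp"


def tunnel_from_config(tunnel_id, local_prefix, remote_prefix,
                       local_port=None, remote_port=None, protocol="all"):
    """Build a Tunnel from the values found in a Vyatta 'tunnel N { ... }' block."""
    return Tunnel(tunnel_id,
                  ipaddress.ip_network(local_prefix),
                  ipaddress.ip_network(remote_prefix),
                  parse_port_list(local_port),
                  parse_port_list(remote_port),
                  protocol)


def _port_ok(allowed, port):
    return not allowed or port in allowed


def tunnel_matches(t, src_ip, dst_ip, proto, src_port, dst_port):
    """True if the flow is covered by the tunnel's selectors, either direction."""
    if t.protocol != "all" and t.protocol != proto:
        return False
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    # Outbound: local host -> remote host, so 'remote port' is the destination.
    if src in t.local_prefix and dst in t.remote_prefix:
        return _port_ok(t.local_ports, src_port) and _port_ok(t.remote_ports, dst_port)
    # Inbound reply: remote host -> local host, so 'remote port' is the source.
    if src in t.remote_prefix and dst in t.local_prefix:
        return _port_ok(t.remote_ports, src_port) and _port_ok(t.local_ports, dst_port)
    return False


def select_tunnel(tunnels, src_ip, dst_ip, proto, src_port, dst_port):
    """Return the id of the first tunnel whose selectors match, else None.

    None means the flow is not protected by any tunnel and goes out in the clear,
    which is exactly what happens to a port left out of the comma list.
    """
    for t in tunnels:
        if tunnel_matches(t, src_ip, dst_ip, proto, src_port, dst_port):
            return t.tunnel_id
    return None


def is_vpn_control_traffic(proto, dst_port=None):
    """Identify the gateway-to-gateway traffic that the expert's reply describes."""
    if proto == "udp":
        return dst_port in IKE_UDP_PORTS
    return proto in ("esp", "ah")


# Constructed sample mirroring tunnel 11 from the question; addresses are
# RFC 5737 documentation ranges standing in for the x.x.x.x placeholders.
TUNNELS = [
    tunnel_from_config(11, "192.0.2.10/32", "198.51.100.20/32",
                       remote_port="7007,9005"),
]

if __name__ == "__main__":
    for flow in [("192.0.2.10", "198.51.100.20", "tcp", 51234, 7007),
                 ("192.0.2.10", "198.51.100.20", "tcp", 51234, 443)]:
        print(flow, "->", select_tunnel(TUNNELS, *flow))
```

Running the block shows the flow to port 7007 landing in tunnel 11 and the flow to port 443 returning None, which is the practical reason to confirm the full port list with the other side (or, as suggested above, to use an all-ports selector and filter with an ACL) before relying on per-port selectors.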
