Mario Bernheim
asked on
Vyatta 5400 (IPSEC VPN Ports)
Hi, what is the correct way to tell Vyatta the ports on an IPsec? We have to connect to a host that listens on two ports. Is it done with a space? Comma separated?
Example below:
tunnel 11 {
    allow-nat-networks disable
    allow-public-networks disable
    esp-group Our-Group-Their-Group-ESP
    local {
        prefix x.x.x.x/32
    }
    remote {
        port 7007,9005 (separate by comma? Space? Dash?)
        prefix x.x.x.x/32
    }
}
ASKER
Thank you. On these ports, there are web services where we are going to be consuming services. They are ports that they accept traffic on.
The documentation I linked to previously uses the word "port" (which is singular), rather than "ports".
I would suggest checking with the other side to see if the VPN is required to be just for the specific ports, or if they can do an IP VPN (all ports and protocols) and just apply NAT and an allow ACL on the required ports.
ASKER
I found the answer on stackpath, so they should be separated by a comma, like so: port 80,8080,9090
thanks!
ASKER CERTIFIED SOLUTION
It would be "unusual" for an IPSec VPN tunnel to be configured on different ports. I would suggest confirming with the other side what each port is used for. I wonder if these are the ports that they accept traffic on, rather than the ports used for IKE.
This page indicates that the port statement is only used in conjunction with "prefix", which would also suggest that it is used to define traffic rather than used for IKE.