Vyatta 5400 (IPSEC VPN Ports)
Hi, what is the correct way to tell vyatta the ports on an ipsec, we have to connect to a host that listens on two ports, is it done with space? comma seperated?
Example below:
Example below:
tunnel 11 {
allow-nat-networks disable
allow-public-networks disable
esp-group Our-Group-Their-Group-ESP
local {
prefix x.x.x.x/32
}
remote {
port 7007,9005 (seperate by comma? Space? Dash?)
prefix x.x.x.x/32
}
}
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
IPSec (or more precicisely IKE) uses UDP:500 and can also use UDP:4500, other parts of IPSec use different IP protocols (AH, ESP), these do not have ports associated with them.
It would be "unusual" for an IPSec VPN tunnel to be configured on different ports. I would suggest confirming withthe other side what each port is used for. I wonder if these are the ports that they accept traffic on, rather than the ports used for IKE.
This page indicates that the port statement is only used in conjunction with prefix", which would also suggest that it is used to define traffic rather than used for IKE.
It would be "unusual" for an IPSec VPN tunnel to be configured on different ports. I would suggest confirming withthe other side what each port is used for. I wonder if these are the ports that they accept traffic on, rather than the ports used for IKE.
This page indicates that the port statement is only used in conjunction with prefix", which would also suggest that it is used to define traffic rather than used for IKE.
Thank you, on these ports, there are web services where we are going to be consuming services. they are ports where they accept traffic on
The documentation I liked to previously uses the word "port" (which is singular), rather than "ports".
I would suggest checking with the other side to see if the VPN is rtequired to be just for the specific ports, or if they can do an IP VPN (all ports and protocols) and just apply NAT and an allow ACL on the required ports.
I would suggest checking with the other side to see if the VPN is rtequired to be just for the specific ports, or if they can do an IP VPN (all ports and protocols) and just apply NAT and an allow ACL on the required ports.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial