asked on Vyatta 5400 (IPSEC VPN Ports)
Hi, what is the correct way to tell vyatta the ports on an ipsec, we have to connect to a host that listens on two ports, is it done with space? comma seperated?
Example below:
Example below:
tunnel 11 {
allow-nat-networks disable
allow-public-networks disable
esp-group Our-Group-Their-Group-ESP
local {
prefix x.x.x.x/32
}
remote {
port 7007,9005 (seperate by comma? Space? Dash?)
prefix x.x.x.x/32
}
}
Internet Protocol SecurityVPN* IKEv2* vyatta
Last Comment
Mario Bernheim
ASKER
Thank you, on these ports, there are web services where we are going to be consuming services. they are ports where they accept traffic on
The documentation I liked to previously uses the word "port" (which is singular), rather than "ports".
I would suggest checking with the other side to see if the VPN is rtequired to be just for the specific ports, or if they can do an IP VPN (all ports and protocols) and just apply NAT and an allow ACL on the required ports.
I would suggest checking with the other side to see if the VPN is rtequired to be just for the specific ports, or if they can do an IP VPN (all ports and protocols) and just apply NAT and an allow ACL on the required ports.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER
I found the answer on stackpath, so they should be seperated by , like so: port 80,8080,9090
thanks!
thanks!
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
It would be "unusual" for an IPSec VPN tunnel to be configured on different ports. I would suggest confirming withthe other side what each port is used for. I wonder if these are the ports that they accept traffic on, rather than the ports used for IKE.
This page indicates that the port statement is only used in conjunction with prefix", which would also suggest that it is used to define traffic rather than used for IKE.