One <important> distinction - AH and ESP are not on 'ports' per se, but
protocols...

i.e. - to allow AH through PIX you *would not* use
conduit permit tcp host w.x.y.z eq AH any                       <replacing
AH w/ 50 will also not work ... well, it will - but will allow

instead, the following would be TWID:
conduit permit ah any any   
        <same for esp, icmp <if allowing all ... >>


<see also http://www.chebucto.ns.ca/~rakerman/port-table.html  ... "Note
that certain services such as IPSec and Microsoft's PPTP use non-TCP/UDP
protocols so they are not covered on this page. In particular, PPTP uses GRE
(protocol 47) and IPSec uses ESP (protocol 50) and AH (protocol 51).
Protocol numbers are not the same as port numbers. IANA maintains the
Assigned Internet Protocol Numbers. ">


Thanks!
TJ
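To carry the same point over to the perimeter router in Ruihai's question, here is an added example of the inbound IOS access list (it is not from the original thread). It assumes the PIX outside address is 192.0.2.1, uses access list 101, and applies it to an interface named Serial0; all three are assumptions. It shows the port-based rule that does not work next to the protocol-based rules that do:

```cisco
! Added example, not part of the original thread. Assumed values: PIX
! outside address 192.0.2.1, ACL number 101, outside interface Serial0.
!
! Wrong: this matches TCP packets whose destination *port* is 50 or 51.
! ESP and AH carry protocol 50/51 in the IP header and have no TCP/UDP
! port at all, so they never match and fall through to the implicit deny.
! access-list 101 permit tcp any host 192.0.2.1 eq 50
! access-list 101 permit tcp any host 192.0.2.1 eq 51
!
! Right: ISAKMP/IKE really is a UDP service (port 500), but ESP and AH
! must be matched as IP protocols.
access-list 101 permit udp any host 192.0.2.1 eq isakmp
access-list 101 permit esp any host 192.0.2.1
access-list 101 permit ahp any host 192.0.2.1
! Same thing with the IANA protocol numbers from the quoted table:
! access-list 101 permit 50 any host 192.0.2.1
! access-list 101 permit 51 any host 192.0.2.1
! Only if clients sit behind NAT (NAT-T, UDP 4500; not covered in the thread):
! access-list 101 permit udp any host 192.0.2.1 eq 4500
! Permits for the rest of the inbound traffic go here.
!
interface Serial0
 ip access-group 101 in
```

Check with `show access-lists 101` after bringing a client up: the `esp` and `ahp` entries should show match counts alongside the `isakmp` entry; if only the UDP/500 line is counting, IKE is completing but the data-plane protocols are being dropped.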

 -----Original Message-----
From:   Rizzo Damian [mailto:[EMAIL PROTECTED]] 
Sent:   Friday, March 30, 2001 12:19
To:     'Ruihai An'; [EMAIL PROTECTED]
Subject:        RE: IPsec port

AH-port 50, ESP-port 51 and ISAKMP-port 500



-----Original Message-----
From: Ruihai An [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 30, 2001 12:05 PM
To: [EMAIL PROTECTED]
Subject: IPsec port


I configured my PIX as the IPsec VPN terminator to support DES VPN client.
I have an inbound access-list  on my perimeter router.  Does any one know
the ports I need to open for IPsec VPN traffic on my perimeter router ?

Ruihai


_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
