
Ports for VPN Pass-Through

Wed, 24 Oct 2012 14:28:04 GMT

Below you will find detailed information on the ports used for VPN pass-through.

If an RRAS-based VPN server is behind a firewall (i.e. a firewall is placed between the Internet and the RRAS server), then the following ports need to be opened (bidirectional) on that firewall to allow VPN traffic to pass through:

  • For PPTP:
    • IP Protocol=TCP, TCP Port number=1723   <- Used by PPTP control path
    • IP Protocol=GRE (value 47)   <- Used by PPTP data path
  • For L2TP:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path
  • For SSTP:
    • IP Protocol=TCP, TCP Port number=443   <- Used by SSTP control and data path
  • For IKEv2:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path

If the RRAS server is directly connected to the Internet, then you need to protect the RRAS server from the Internet side (i.e. only allow access to those services on the public interface that must be reachable from the Internet). This can be done using RRAS static filters or by running Windows Firewall on the public interface (the interface towards the Internet). In this scenario the following ports need to be opened (bidirectional) on the RRAS box to allow VPN traffic to pass through:

  • For PPTP:
    • IP Protocol=TCP, TCP Port number=1723  <- Used by PPTP control path
    • IP Protocol=GRE (value 47)  <- Used by PPTP data path
  • For L2TP:
    • IP Protocol Type=UDP, UDP Port Number=500   <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=1701  <- Used by L2TP control/data path
    • IP Protocol Type=ESP (value 50)  <- Used by IPSec data path
  • For SSTP:
    • IP Protocol=TCP, TCP Port number=443   <- Used by SSTP control and data path
  • For IKEv2:
    • IP Protocol Type=UDP, UDP Port Number=500   <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=1701  <- Used by L2TP control/data path
    • IP Protocol Type=ESP (value 50)  <- Used by IPSec data path

Note: Please DO NOT configure RRAS static filters if you are also running RRAS-based NAT router functionality on the same server. RRAS static filters are stateless, and NAT translation requires a stateful edge firewall such as the ISA firewall.
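As an added example (not code from the original post, nor from Microsoft), the following PowerShell script creates the inbound Windows Firewall rules for the second scenario above, an RRAS server whose public interface faces the Internet directly. It assumes Windows Server 2012 or later (the NetSecurity module with New-NetFirewallRule), an elevated session, and an Internet-facing NIC with the interface alias 'Public'; the alias, the rule group name and the $Tunnels selection are placeholders to adjust. Keep only the tunnel types actually deployed in $Tunnels, because every port opened here is exposed to the Internet.

```powershell
# Added example (not from the original post): inbound Windows Firewall rules
# for an RRAS VPN server whose public interface is directly on the Internet.
# Assumptions: Windows Server 2012 or later (NetSecurity module), elevated
# session, Internet-facing NIC alias 'Public'. Adjust the placeholders below.

$PublicInterface = 'Public'                # assumed interface alias (placeholder)
$Group           = 'RRAS VPN pass-through' # arbitrary group name, used for lookup/review

# Keep only the tunnel types this server actually offers.
$Tunnels = @('PPTP', 'L2TP', 'SSTP', 'IKEv2')

# Protocol/port requirements exactly as listed above for the "RRAS directly
# connected" scenario. GRE (47) and ESP (50) are IP protocols and have no port.
$Requirements = @{
    PPTP  = @(
        @{ Name = 'PPTP control (TCP 1723)';        Protocol = 'TCP'; LocalPort = 1723 },
        @{ Name = 'PPTP data (GRE, IP proto 47)';   Protocol = '47' }
    )
    L2TP  = @(
        @{ Name = 'IKEv1 (UDP 500)';                Protocol = 'UDP'; LocalPort = 500 },
        @{ Name = 'IKEv1 (UDP 4500)';               Protocol = 'UDP'; LocalPort = 4500 },
        @{ Name = 'L2TP (UDP 1701)';                Protocol = 'UDP'; LocalPort = 1701 },
        @{ Name = 'IPsec data (ESP, IP proto 50)';  Protocol = '50' }
    )
    SSTP  = @(
        @{ Name = 'SSTP control and data (TCP 443)'; Protocol = 'TCP'; LocalPort = 443 }
    )
    IKEv2 = @(
        @{ Name = 'IKEv2 (UDP 500)';                Protocol = 'UDP'; LocalPort = 500 },
        @{ Name = 'IKEv2 (UDP 4500)';               Protocol = 'UDP'; LocalPort = 4500 },
        @{ Name = 'L2TP (UDP 1701)';                Protocol = 'UDP'; LocalPort = 1701 },
        @{ Name = 'IPsec data (ESP, IP proto 50)';  Protocol = '50' }
    )
}

foreach ($tunnel in $Tunnels) {
    foreach ($req in $Requirements[$tunnel]) {
        $displayName = "$tunnel - $($req.Name)"

        # Idempotent: skip rules that already exist under this display name.
        if (Get-NetFirewallRule -DisplayName $displayName -ErrorAction SilentlyContinue) {
            Write-Verbose "Rule already present: $displayName"
            continue
        }

        $params = @{
            DisplayName    = $displayName
            Group          = $Group
            Direction      = 'Inbound'
            Action         = 'Allow'
            Protocol       = $req.Protocol
            InterfaceAlias = $PublicInterface   # scope the rule to the public NIC only
            Profile        = 'Any'
        }
        # Only TCP/UDP rules carry a local port; GRE and ESP rules do not.
        if ($req.ContainsKey('LocalPort')) { $params.LocalPort = $req.LocalPort }

        New-NetFirewallRule @params | Out-Null
        Write-Host "Created: $displayName"
    }
}

# Review what is now open on the public interface.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    '{0,-45} proto={1,-4} port={2}' -f $_.DisplayName, $port.Protocol, $port.LocalPort
}
```

Windows Firewall's default outbound policy is Allow, so inbound rules alone satisfy the "bidirectional" requirement above; if the outbound policy has been set to Block, mirror each rule with -Direction Outbound. Because Windows Firewall is stateful, this approach also sidesteps the caveat in the note about RRAS static filters when RRAS NAT is enabled on the same box. Deploying both L2TP and IKEv2 creates overlapping rules for UDP 500/4500/1701 and ESP under two different names, which is harmless but worth knowing when reviewing the output.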

Sources: rrasblog, technet, microsoft


Copyright Love 4 IT © 2012
