L2TP over IPSec
Results 1 to 5 of 5

Thread: L2TP over IPSec

  1. #1
    Senior Member
    Join Date
    Jul 2002
    Posts
    106

    L2TP over IPSec

    Hey all,

    I am trying to configure a VPN solution using L2TP over IPSec. Can anyone tell me what ports I need to open on the firewall to allow this traffic? Unless I'm mistaken I think that I need 1701 UDP, but what else? TIA
    just making some minor adjustments to your system....

  2. #2
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Hey Jeb. I did a little searching on the MS Knowledge Base (assuming you are using Windoze ) and found the following article that might help:

    Microsoft Knowledge Base Article

    If that doesn't help, you may find something else more interesting in the search results I got on the site:

    Search Results


    Hope this helps Buddy.


    t2k2
    Opinions are like holes - everybody\'s got\'em.

    Smile

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    If I am correct in assuming that you are trying to encapsulate L2TP with an IPSEC connection, there are some ports you will need to open. They are as follows:

    IKE (UDP-500) *Assuming you are using IKE*
    ESP (IP Protocol 50)
    AH (IP Protocol 51)

    **PLEASE NOTE: IP protocol 50 and 51 for ESP and AH respectively do not represent a TCP or UDP port they are completely different protocols, and the most common mistake is to try to open up TCP-51 and TCP-51. Let me know what kind of firewall you are using, and I will try to help out. You should also be aware that if you are using a SOHO type firewall, it may not support this!!

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Also, be aware that if you try to NAT with AH, it will fail. This is obviously because NAT changes the packet headers and AH authenticates based on the header :-) ESP will be the only protocol type that you can use if you plan to NAT traffic. One more thing worth noting, most people think that port 500 is the default port for IPSec but this is not entirely true. As the post above indicates, this is for the IKE component. IPSec will traverse whatever port is available as long as the proper protocols are allowed through. Again, ESP and AH as mentioned above.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Posts
    992
    Hi,

    Indeed L2TP over IPSec uses port UDP 1701.
    Following link can make a few things clear, especially on this topic.

    http://adsl.cutw.net/l2tp/w2k-info.html

    Enjoy,

    Greetz.
    Come and check out our wargame-site @ http://www.rootcontest.org
    We chat @ irc.smdc-network.org #lobby

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides