I am going to set up IPSEC tunnels between Windows servers that pass through
different firewalls owned by other organizations. I need to submit requests
to the other firewall admins requesting ports and protocols be opened up and
I want to get it right the first time. What ports are required to be open for
the handshake and communication of ipsec between two Windows servers through
a firewall?

Thank You

Erik

RE: ipsec ports by ErikBurdett

ErikBurdett
Mon Nov 13 08:36:02 CST 2006

I have found ports 500 and 4500 UDP. Is this correct?

Thanks

Erik

"Erik Burdett" wrote:

> I am going to set up IPSEC tunnels between Windows servers that pass through
> different firewalls owned by other organizations. I need to submit requests
> to the other firewall admins requesting ports and protocols be opened up and
> I want to get it right the first time. What ports are required to be open for
> the handshake and communication of ipsec between two Windows servers through
> a firewall?
>
> Thank You
>
> Erik

Re: ipsec ports by karl

karl
Tue Nov 14 07:35:45 CST 2006


Did you google it? I searched www.google.com for ipsec firewall and the
article below was the first result.

http://support.microsoft.com/default.aspx/kb/233256

You need UDP port 500, and either IP protocol 50 or 51, depending on whether
you are using AH, ESP or both. Even if you are using both, I do not believe
you need both IP protocols open, as one protocol is encapsulated in the
other.

--
kind regards,
Karl Levinson, CISSP, CCSA, MCSE [MS MVP]
--------------------------------
Microsoft Security FAQ:
http://securityadmin.info

"Erik Burdett" <ErikBurdett@discussions.microsoft.com> wrote in message
news:BE95480D-80BC-4975-9E57-22FEF61869FD@microsoft.com...
> I have found ports 500 and 4500 UDP. Is this correct?
>
> Thanks
>
> Erik
>
> "Erik Burdett" wrote:
>
>> I am going to set up IPSEC tunnels between Windows servers that pass through
>> different firewalls owned by other organizations. I need to submit requests
>> to the other firewall admins requesting ports and protocols be opened up and
>> I want to get it right the first time. What ports are required to be open for
>> the handshake and communication of ipsec between two Windows servers through
>> a firewall?
>>
>> Thank You
>>
>> Erik



Re: ipsec ports by Arley

Arley
Wed Nov 15 03:45:54 CST 2006

If both servers are behind NAT devices the only ports you'll need will be
UDP 500 (IKE, ISAKMP) and UDP 4500 for NAT Traversal. If not, it depends on
your ipsec deployment, but basically opening UDP 500 and IP 50 and 51 for
ESP/AH.

Check this MS article:
http://technet2.microsoft.com/WindowsServer/en/library/8fbd7659-ca23-4320-a350-6890049086bc1033.mspx?mfr=true

Cheers,
Arley Silveira.

"Erik Burdett" <ErikBurdett@discussions.microsoft.com> wrote in message
news:1F11D4D4-2291-4B6E-A83C-950A6897B195@microsoft.com...
> I am going to set up IPSEC tunnels between Windows servers that pass through
> different firewalls owned by other organizations. I need to submit requests
> to the other firewall admins requesting ports and protocols be opened up and
> I want to get it right the first time. What ports are required to be open for
> the handshake and communication of ipsec between two Windows servers through
> a firewall?
>
> Thank You
>
> Erik
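
Added example (not part of the thread and not Microsoft's code): a Python classifier that labels raw IPv4 packets from a capture by the firewall opening each one depends on, so a request to the firewall admins can be checked against the traffic the servers actually send. It goes beyond the posts by applying the RFC 3948 rules for UDP 4500 (four zero bytes mark IKE, a single 0xFF byte is a keepalive); the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

UDP = 17
NATIVE = {50: "IP protocol 50 (ESP)", 51: "IP protocol 51 (AH)"}
IKE_PORT, NATT_PORT = 500, 4500      # UDP ports named in the thread

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet with the firewall opening it depends on."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4     # IPv4 header length in bytes
    proto = packet[9]
    if proto in NATIVE:
        return NATIVE[proto]
    if proto != UDP or len(packet) < ihl + 8:
        return "other"
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    payload = packet[ihl + 8:]
    if IKE_PORT in (sport, dport):
        return "UDP 500 (IKE)"
    if NATT_PORT in (sport, dport):
        if payload == b"\xff":
            return "UDP 4500 (NAT keepalive)"
        # On 4500 an IKE message starts with four zero bytes (non-ESP marker);
        # any other payload is ESP wrapped in UDP, beginning with a non-zero SPI.
        if payload[:4] == b"\x00" * 4:
            return "UDP 4500 (IKE, NAT-T)"
        return "UDP 4500 (ESP in UDP)"
    return "other"

def summarize(packets) -> Counter:
    """Count packets per required opening; unused openings never appear."""
    return Counter(classify(p) for p in packets)

def ipv4(proto: int, body: bytes) -> bytes:
    # Minimal IPv4 header for the samples (checksum left at 0).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + body

def udp(sport: int, dport: int, payload: bytes) -> bytes:
    return ipv4(UDP, struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload)

# Constructed sample packets (documentation addresses, dummy payloads).
SAMPLES = [
    udp(500, 500, b"\x11" * 28),                          # IKE negotiation
    udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28),          # IKE once NAT is detected
    udp(4500, 4500, b"\x00\x00\x10\x01" + b"\x22" * 16),  # ESP in UDP, SPI 0x1001
    udp(4500, 4500, b"\xff"),                             # NAT keepalive
    ipv4(50, b"\x00\x00\x10\x01" + b"\x22" * 16),         # native ESP, no NAT
    ipv4(51, b"\x33" * 24),                               # native AH
    udp(53, 53, b"\x00" * 12),                            # unrelated traffic
]
```

Calling `summarize()` on packets taken from a test capture on each side of a firewall shows which of the requested openings the deployment really uses.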