On Fri, May 27, 2005 at 02:51:35PM +0200, Marc Haber wrote:
> What you need exactly depends on which IPSEC product you use. Most
> IPSEC NAT Traversal schemes depend on encapsulating the AH/ESP traffic
> into UDP, so you need to open certain UDP ports. You need to NAT
> traffic towards your VPN gateway's Port UDP/500 in any case to allow
> ISAKMP, and probably you need to open up some more UDP ports.
> Netscreen Products tunnel the ESP/AH traffic through UDP/500, so you
> should be fine, and Symantec uses UDP/768 for the payload. Other
> products might do things differently.

just to pad the list--the standard NAT-T port is UDP 4500. the cisco
client can use UDP or TCP 10000, and the check point client uses UDP 2746.

-j

--
"Stewie: You. Fetch me my copy of the Wall Street Journal. You two, fight to the death."
--Family Guy