Dear guru, I'm pretty new to NS, we have configured the Lan-to-lan VPN as per the instruction in the manual, however, the tunnel failed and inactive by "get sa". Wondering it would be blocked by the ISP-router, we have asked our ISP to open the "VPN" ports. we are using g2-esp-3des-sha for P2 and Pre-g2-3des-sha for P1.
What ports are required on my router to allow such connection. udp/500 for ipsec?
Any ideas?
You'll have to open 500/udp for negociations, and ESP protocol for encapsulated traffic (unless there is NAT on the way and NAT-T extension used, in that case, you'll have to open 4500/udp).
Yvan.
1st you have to unset the dynamic protocols from the tunnel interface (in case you are using this). Then unset the tunnel interface from the vpn. Then unset the vpn from the ike gateway. Now it´s possible to unset the ike gateway.
Regards,
Carsten JNCIS-FWV
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.