What do we need to configure in order to make sure a VPN works with a corporate firewall?
Are there special considerations for making VPNs work with firewalls?
A virtual private network (VPN) is typically initiated from the outside. Since you are asking about your corporate firewall, I'll assume this case for the purposes of this answer. There are many SOHO firewalls that must be configured for VPN passthrough to allow VPN operation from the inside. Consequently, corporate firewalls must be configured to allow the relevant ports and protocols that are being used to initiate the VPN connection and to allow the passage of the VPN traffic to the relevant concentrator. It's important to note that placing a VPN gateway on the outside of the network perimeter is not recommended.

This is different from standard stateful firewall operation with connections initiated from inside the perimeter. In this case, the firewall creates the necessary conduits for the return traffic on the fly. Therefore, for VPN operation the required ports and protocols must be noted and configured correctly.

For SSL VPN, for example, you must ensure the SSL port is open for access to the SSL VPN gateway. This is typically Port 443 and operates over TCP, Protocol 6. For IPsec, however, you need to do a little more work and allow for IKE (for the initial key exchange), which operates via UDP on Port 500, as well as for NAT Traversal (in many cases), which operates via UDP Port 4500. Then, you must ensure that Protocol 50 for ESP and/or Protocol 51 for AH are open to allow the IPsec traffic to pass.

There are other less commonly used VPN technologies that all have different unique requirements, for instance PPTP, L2TP, L2F. Ultimately, the key is making sure you know the requirements that are relevant to the security protocol that is being used.
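As an added example (not part of the original answer), the Python sketch below checks an `iptables-save` dump against the ports and protocols listed above and reports which ones a connection initiated from outside could not get through. It assumes a Linux iptables firewall with the VPN gateway behind the `FORWARD` chain, simple single-port rules without negation, and treats UDP 4500 as required; the function names, the sample dump and the gateway address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import shlex

PROTO = {"6": "tcp", "17": "udp", "50": "esp", "51": "ah"}  # numeric -p values
# Flows the article lists. Inner lists are alternatives ("ESP and/or AH").
REQUIRED = {
    "ssl": [[("tcp", 443)]],
    "ipsec": [[("udp", 500)], [("udp", 4500)], [("esp", None), ("ah", None)]],
}
# Constructed excerpt of a dump; 203.0.113.10 is a placeholder gateway address.
SAMPLE = """\
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -d 203.0.113.10/32 -p udp -m udp --dport 500 -j ACCEPT
-A FORWARD -d 203.0.113.10/32 -p 50 -j ACCEPT
"""

def parse_rules(dump, chain="FORWARD"):
    """Return (default policy, ordered rules) for one chain of the dump."""
    policy, rules = "ACCEPT", []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":" + chain]:
            policy = tok[1]
        elif tok[:2] == ["-A", chain]:
            opt = dict(zip(tok[2::2], tok[3::2]))  # simple "-flag value" rules only
            state = opt.get("--ctstate") or opt.get("--state")
            if state and "NEW" not in state.split(","):
                continue  # return-traffic rule: cannot admit an outside-initiated flow
            dst = ipaddress.ip_network(opt.get("-d", "0.0.0.0/0"))
            proto = PROTO.get(opt.get("-p"), opt.get("-p"))
            rules.append((proto, opt.get("--dport"), dst, opt.get("-j")))
    return policy, rules

def verdict(policy, rules, gateway, proto, dport):
    """First-match verdict for a new inbound packet addressed to the gateway."""
    gw = ipaddress.ip_address(gateway)
    for r_proto, r_dport, r_dst, target in rules:
        if (r_proto in (None, proto) and r_dport in (None, str(dport))
                and gw in r_dst and target in ("ACCEPT", "DROP", "REJECT")):
            return target
    return policy

def missing(dump, gateway, vpn):
    """Requirement groups for this VPN type that the chain does not let through."""
    policy, rules = parse_rules(dump)
    return [g for g in REQUIRED[vpn] if "ACCEPT" not in
            {verdict(policy, rules, gateway, p, d) for p, d in g}]
```

With the sample dump, `missing(SAMPLE, "203.0.113.10", "ipsec")` reports the UDP 4500 group: the `ESTABLISHED` rule only covers return traffic, so it does not help a tunnel that starts outside the perimeter.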
For more information on how a VPN works:
- See what IPsec VPN protocols are used today.
- Learn about the pros and cons of disabling VPN passthrough.
- Understand which ports should be opened when IPsec filters are used.

This was first published in July 2012
Article source: http://www.pheedcontent.com/click.phdo?i=c1130f0031cfa26c3610d4775e803307