Coolio13
New Member
March 7, 2012
Question

VPN IPsec port change

  • March 7, 2012
  • 2 replies
  • 7373 views
Hi, I have a FG 50b with the OS v4 MR3 P4. I have created an IPsec VPN, which works great. But in the same network, there are firewalls which prevent opening a VPN. Is it possible to change the default IPsec VPN port to port 443?

    2 replies

    SECCON1MC
    New Member
    March 7, 2012
    Hello Coolio13, IPSEC VPNs typically use UDP port 500 or 4500 and then protocols ESP and AH. I'm guessing the other firewalls may be blocking the ESP and AH protocols. The ports and/or protocols are not able to be changed due to RFC compliance. Are you sure you do not mean SSL VPNs?
    Coolio13 (Author)
    New Member
    April 10, 2012
    Hello Seccon1MC, thanks for your answer. Yes, I was talking about IPSEC. Do I have other ways to configure a VPN setup which goes through other firewalls? But in the meantime, the VPN configuration which has worked doesn't work any more. I have done the setup with the documentation "Using IPsec VPN to secure iPhone communication with a network protected by a FortiGate unit", but it doesn't work.... Do you have any tips?
    emnoc
    New Member
    April 10, 2012
    General rules: IPsec ESP, allow protocol 50 (not a port # btw); for IKE key change it's either UDP 500 or 4500, and sport 500 to dport 500. Btw, port 4500 is used for NAT-T peers, and NAT-T enabled peers will be identified in the initial IKEv1 packet. So back to your question: why do you need to change ports, and what are you doing? Draw a picture or diagram for us to better assist you. FWIW: you can change the ports on some firewalls for NAT-T (i.e. Cisco ASA), but I have never seen any need for this. If you're routing IPsec VPN through another appliance, you will need them aware of this and have the right rules or protocol fixup. I hope that helps.
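Added example, not part of the thread or of any FortiGate documentation: a small Python classifier that names which of the traffic classes mentioned in the replies (ESP as IP protocol 50, AH as IP protocol 51, IKE on UDP 500, NAT-T on UDP 4500) a captured packet belongs to, which helps when working out what an intermediate firewall is dropping. It goes slightly beyond the thread by using the RFC 3948 framing on port 4500 (four zero bytes before IKE, a single 0xFF keepalive); the function names and the sample header are constructed for illustration.

```python
import struct

# Values from the IKE header layout and RFC 3948 (UDP encapsulation of ESP).
IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00" * 4      # precedes IKE messages on UDP 4500
IKE_HEADER_LEN = 28
IKE_HEADER_FMT = "!8s8sBBBBII"    # SPIi, SPIr, next payload, version, exchange, flags, msg id, length

def parse_ike_header(data):
    """Return (major_version, exchange_type, length), or None if not a plausible IKE header."""
    if len(data) < IKE_HEADER_LEN:
        return None
    fields = struct.unpack(IKE_HEADER_FMT, data[:IKE_HEADER_LEN])
    version, exchange, length = fields[3], fields[4], fields[7]
    major = version >> 4
    if major not in (1, 2) or length < IKE_HEADER_LEN:
        return None
    return major, exchange, length

def classify(ip_proto, dport=0, payload=b""):
    """Name the IPsec traffic class an intermediate firewall would have to pass."""
    if ip_proto == 50:
        return "ESP (IP protocol 50, no ports)"
    if ip_proto == 51:
        return "AH (IP protocol 51, no ports)"
    if ip_proto != 17:                      # everything else here must be UDP
        return "not IPsec"
    if dport == IKE_PORT:
        hdr = parse_ike_header(payload)
        return f"IKEv{hdr[0]} on UDP 500" if hdr else "UDP 500, not IKE"
    if dport == NATT_PORT:
        if payload == b"\xff":
            return "NAT-T keepalive"
        if payload[:4] == NON_ESP_MARKER:
            hdr = parse_ike_header(payload[4:])
            return f"IKEv{hdr[0]} on UDP 4500 (NAT-T)" if hdr else "UDP 4500, malformed IKE"
        # A non-zero first word is an ESP SPI; the ESP header is SPI + sequence number.
        return "ESP-in-UDP (NAT-T)" if len(payload) > 8 else "UDP 4500, too short"
    return "not IPsec"

def sample_ike(major=1, exchange=2):
    """Constructed sample: a bare IKE header with a made-up initiator SPI and no payloads."""
    return struct.pack(IKE_HEADER_FMT, b"\x11" * 8, b"\x00" * 8, 0,
                       major << 4, exchange, 0, 0, IKE_HEADER_LEN)

if __name__ == "__main__":
    print(classify(17, 500, sample_ike()))
    print(classify(17, 4500, NON_ESP_MARKER + sample_ike(2, 34)))
    print(classify(50))
```

Feed it the IP protocol number, UDP destination port and UDP payload from a capture taken on each side of the intermediate firewall; a class seen on one side but not the other is the one being blocked.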