Knowledge Search


×
 

[ScreenOS] What ports are used for a Virtual Private Network (VPN)?

  [KB5671] Show Article Properties


Summary:

This article provides information about the ports that are used for a Virtual Private Network (VPN).

Symptoms:

Environment:

  • Autokey IKE.
  • NetScreen-Remote VPN Client behind another firewall.

Symptoms and errors:

  • Ports required for IPSec.
  • Ports need to be open on the firewall to allow IPSec or VPN through.
Solution:

Internet Protocol Security (IPSec) uses IP protocol 50 for Encapsulated Security Protocol (ESP), IP protocol 51 for Authentication Header (AH), and UDP port 500 for IKE Phase 1 negotiation and Phase 2 negotiations. UDP ports 500 and 4500 are used, if NAT-T is used for IKE Phase 1 negotiation and Phase 2 negotiations
 

Secure Sockets Layer (SSL) uses TCP port 443 and works by using a private key to encrypt data that is transferred over the SSL connection. SSL also uses 465 Secure SMTP, 993 Secure IMAP, and 995 Secure POP.
 

Layer Two Tunneling Protocol (L2TP) uses TCP port 1701 and is an extension of the Point-to-Point Tunneling Protocol. L2TP is often used with IPSec to establish a Virtual Private Network (VPN).
 

Point-to-Point Tunneling Protocol (PPTP) uses TCP port 1723 and IP protocol 47 Generic Routing Encapsulation (GRE). PPTP provides a low-cost, private connection to a corporate network through the Internet. PPTP works well for people who work from home or travel and need to access their corporate networks. It is often used to access a Microsoft Remote Access Server (RAS).

Modification History:

‚Äč2017-12-01: Article reviewed for accuracy. No changes made. Article is correct and complete.
2019-08-09: Fixed typo; corrected to IP Protocol 47

Related Links: