Re: [m0n0wall] Ports used by IPSEC connections? My m0n0wall is behind another firewall

From:	"Jonathan Romero" <jromero at raydiance dash inc dot com>
To:	"Bjoern Euler" <lists at edain dot de>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Ports used by IPSEC connections? My m0n0wall is behind another firewall
Date:	Mon, 11 Sep 2006 15:58:51 -0400

Hello Bjoern,

This isnt a basic nat setup, it's actually 1:1.  There is an external
public IP directly mapped to an internal one.  On each side the remote
gateway is explicitly labeled as the public IP on each end.

This is a network to network IPSec bridge using the static
configuration, not the mobile clients.

As far as I know this should work.  But I could very likely be wrong.

Thanks for the link to the FAQ, and taking the time to give me the
port assignments.  I will attempt to get this working and report back.

-Jonathan

On 9/11/06, Bjoern Euler <lists at edain dot de> wrote:
> Jonathan Romero wrote:
>
> > I would like to be able to do IPSEC connections with this unit, but I
> > need to tell the site admin what ports/protocols he needs to open up
> > for this to work.
>
> You'll need UDP Port 500 and IP Proto 50 (ESP). Depending on the NAT
> implementation on the router in front of your box you may have troubles,
> though.
>
> Also have a look at this:
> http://doc.m0n0.ch/handbook/faq-ipsec-nat-t.html
>
> Regards,
> -Björn
>

-- 
Jonathan S. Romero