Wednesday, November 25, 2015

Packet filters for Layer Two Tunneling Protocol over Internet Protocol security (L2TP/IPSec)

Configure the following input filters with the filter action set to Drop all packets except those that meet the criteria below:
  • Destination IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and UDP destination port of 500. This filter allows Internet Key Exchange (IKE) traffic to the VPN server.
  • Destination IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and UDP destination port of 1701. This filter allows L2TP traffic from the VPN client to the VPN server.
  • Destination IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and UDP destination port of 4500. This filter allows IPSec network address translator traversal (NAT-T) traffic.
Configure the following output filters with the filter action set to Drop all packets except those that meet the criteria below:
  • Source IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and UDP source port of 500. This filter allows IKE traffic from the VPN server.
  • Source IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and UDP source port of 1701. This filter allows L2TP traffic from the VPN server to the VPN client.
  • Source IP address of the VPN server's Internet interface, subnet mask of 255.255.255.255, and UDP source port of 4500. This filter allows IPSec NAT-T traffic.
Notes:
  • A subnet mask of 255.255.255.255 matches only the single address of the Internet interface. IKE, L2TP or NAT-T packets addressed to any other address on the server are dropped.
  • No filter for Encapsulating Security Payload (ESP, IP protocol 50) is listed because these Routing and Remote Access packet filters are applied after IPSec has removed the ESP header; the L2TP packet is matched as UDP port 1701 only after decapsulation. A firewall placed in front of the VPN server sees the traffic before decapsulation and must instead permit UDP 500, UDP 4500 and IP protocol 50 to and from the Internet interface. It should not permit cleartext UDP 1701, which never occurs legitimately when L2TP is protected by IPSec.
  • The filters are stateless and cover only the listed ports. Any other traffic the server sends or receives on its Internet interface (name resolution, updates, management) is dropped unless a further filter is added for it.
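As an added example (not from the original page or from Microsoft's documentation), the following Python models the input and output filter lists above as a stateless "drop all packets except" classifier and runs constructed packets through it. The server address 203.0.113.10, the client address 198.51.100.7 and every sample packet are constructed; the `upstream_firewall` flag is my own addition and shows the different rule set a firewall in front of the VPN server needs, since it sees ESP (IP protocol 50) rather than the decapsulated L2TP.

```python
"""Stateless model of the L2TP/IPSec packet filters (added example, not
part of the original page). Addresses and sample packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

TCP, UDP, ESP = 6, 17, 50   # IP protocol numbers


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None   # None for protocols without ports (ESP)
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One exception to the default drop. A None field matches anything.
    src/dst are 'addr/prefix'; a 255.255.255.255 mask is written as /32."""
    proto: int
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return True


def permitted(rules, p: Packet) -> bool:
    """Filter action 'Drop all packets except those that meet the criteria'."""
    return any(r.matches(p) for r in rules)


def l2tp_ipsec_rules(server_ip: str, upstream_firewall: bool = False):
    """Build (input, output) filter lists for the VPN server's Internet interface.

    upstream_firewall=False reproduces the page's lists (RRAS filters the
    packet after IPSec has stripped ESP, so UDP 1701 is visible).
    upstream_firewall=True (assumption, my addition) is what a firewall in
    front of the server needs: it sees ESP, and never legitimate cleartext
    UDP 1701, so it permits protocol 50 instead of port 1701."""
    host = f"{server_ip}/32"                      # mask 255.255.255.255
    ports = (500, 4500) if upstream_firewall else (500, 1701, 4500)
    inbound = [Rule(UDP, dst=host, dport=p) for p in ports]
    outbound = [Rule(UDP, src=host, sport=p) for p in ports]
    if upstream_firewall:
        inbound.append(Rule(ESP, dst=host))
        outbound.append(Rule(ESP, src=host))
    return inbound, outbound


def evaluate(server_ip: str, upstream_firewall: bool = False) -> dict:
    """Run constructed sample packets through both lists; returns name -> permitted."""
    client, other_host, resolver = "198.51.100.7", "203.0.113.11", "192.0.2.53"
    inbound, outbound = l2tp_ipsec_rules(server_ip, upstream_firewall)
    samples = {
        "ike_in":            (inbound,  Packet(client, server_ip, UDP, 500, 500)),
        "natt_in":           (inbound,  Packet(client, server_ip, UDP, 4500, 4500)),
        "esp_in":            (inbound,  Packet(client, server_ip, ESP)),
        "cleartext_l2tp_in": (inbound,  Packet(client, server_ip, UDP, 1701, 1701)),
        "smb_in":            (inbound,  Packet(client, server_ip, TCP, 40000, 445)),
        "ike_to_other_host": (inbound,  Packet(client, other_host, UDP, 500, 500)),
        "ike_out":           (outbound, Packet(server_ip, client, UDP, 500, 500)),
        "dns_out":           (outbound, Packet(server_ip, resolver, UDP, 53000, 53)),
    }
    return {name: permitted(rules, pkt) for name, (rules, pkt) in samples.items()}


if __name__ == "__main__":
    for label, flag in (("RRAS filters", False), ("upstream firewall", True)):
        print(label)
        for name, ok in evaluate("203.0.113.10", flag).items():
            print(f"  {name:18s} {'permit' if ok else 'drop'}")
```

Two results are worth reading off: with the page's lists, raw ESP is dropped (harmless on RRAS, where the filter runs after decapsulation, but fatal if the same three rules are copied onto a perimeter firewall), and the server's own outbound DNS on the Internet interface is dropped, which is the stateless default-deny doing exactly what it was told.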
