Hey guys
In terms of host-inbound-traffic required for VPN setup (i.e. interface exposed to the internet), is it fair to say we simply require IKE as a minimum and that's all?
Regards
If you are using site-to-site VPN we can run with just ike. If it's dynamic VPN we need https as well.
That's interesting, suraj. On the Cisco platform there are a few ports/protocols required covering ipsec and esp.
... yes on SRX seems to work with ike only.
Thanks man!
On every device you have to keep in mind that the ports for the protocols are open; esp and ah use the same ports. Or you must have decided that you want to use other ports.
If you want additional control over what gets permitted, you can make use of the junos-host zone.
Check these for more information:
http://forums.juniper.net/t5/SRX-Services-Gateway/Junos-host-zone-clarification/td-p/270990
http://kb.juniper.net/InfoCenter/index?page=content&id=KB24227&smlogin=true
Regards,
Srinath