Answer

How can I ensure the corporate VPN works with our firewall?

What do I need to configure in order to make sure the VPN works with our corporate firewall? Are there special considerations for making VPNs work with firewalls?


A virtual private network (VPN) is typically initiated from the outside. Since you are asking about your corporate firewall, I'll assume this case for the purposes of this answer. There are many SOHO firewalls that must be configured for VPN passthrough to allow VPN operation from the inside. Consequently, corporate firewalls must be configured to allow the relevant ports and protocols that are being used to initiate the VPN connection and to allow the transport of the VPN traffic to its relevant concentrator. It's important to note that placing the VPN gateway on the outside of the network perimeter is not recommended.

This is different from standard stateful firewall operation with connections initiated from inside the perimeter. In that case, the firewall creates the required conduits for the return traffic on the fly. Therefore, for VPN operation the required ports and protocols must be noted and configured correctly.

For SSL VPN, for example, you must ensure the SSL port is open for access to the SSL VPN gateway. This is typically port 443 and operates over TCP, protocol 6. For IPsec, however, you need to do a little more work and allow for IKE (for the initial key exchange), which operates via UDP on port 500, as well as for NAT Traversal (in most cases), which operates via UDP port 4500. Then, you must ensure that protocol 50 for ESP and/or protocol 51 for AH are open to allow the IPsec traffic to pass.

There are other, less commonly used VPN technologies that all have different, unique requirements, for example PPTP, L2TP and L2F. Ultimately, the key is making sure you understand the requirements that are applicable to the security protocol that is being used.
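As an added illustration (not part of the original answer), the following Python model encodes the inbound allow rules listed above and checks a ruleset for the common gap where IKE on UDP/500 is permitted but ESP (IP protocol 50) and NAT-T (UDP/4500) are not, so that key exchange succeeds and tunnel traffic still stalls. The gateway address 203.0.113.10 is a constructed documentation-range example.

```python
"""Model of the inbound firewall rules a VPN gateway needs (added example)."""
from dataclasses import dataclass
from typing import List, Optional

# IANA IP protocol numbers named in the answer
TCP, UDP, ESP, AH = 6, 17, 50, 51


@dataclass(frozen=True)
class Rule:
    proto: int                # IP protocol number
    dst_port: Optional[int]   # None for protocols without ports (ESP, AH)
    dst_host: str             # address of the VPN concentrator / gateway


@dataclass(frozen=True)
class Packet:
    proto: int
    dst_port: Optional[int]
    dst_host: str


def required_rules(vpn_type: str, gateway: str, nat_traversal: bool = True) -> List[Rule]:
    """Inbound allow rules for the VPN type, as the answer describes them."""
    if vpn_type == "ssl":
        return [Rule(TCP, 443, gateway)]
    if vpn_type == "ipsec":
        rules = [Rule(UDP, 500, gateway), Rule(ESP, None, gateway), Rule(AH, None, gateway)]
        if nat_traversal:
            rules.append(Rule(UDP, 4500, gateway))  # ESP rides inside UDP/4500 behind NAT
        return rules
    raise ValueError(f"unknown VPN type: {vpn_type}")


def permitted(rules: List[Rule], pkt: Packet) -> bool:
    """Default-deny inbound: a packet passes only if some rule matches it."""
    return any(r.proto == pkt.proto and r.dst_host == pkt.dst_host
               and (r.dst_port is None or r.dst_port == pkt.dst_port)
               for r in rules)


def missing_ipsec_rules(rules: List[Rule], gateway: str) -> List[str]:
    """Name the IPsec traffic a ruleset would still drop (the usual diagnosis
    when IKE completes but no data flows through the tunnel)."""
    probes = [("UDP/500 (IKE)", Packet(UDP, 500, gateway)),
              ("UDP/4500 (NAT-T)", Packet(UDP, 4500, gateway)),
              ("IP protocol 50 (ESP)", Packet(ESP, None, gateway)),
              ("IP protocol 51 (AH)", Packet(AH, None, gateway))]
    return [name for name, pkt in probes if not permitted(rules, pkt)]
```

Run `missing_ipsec_rules([Rule(UDP, 500, "203.0.113.10")], "203.0.113.10")` to see the three rules a port-only ruleset leaves out.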


This was first published in July 2012
