Subject: Re: [fw-wiz] UDP 500 and IP 50
From: Jeffery.Gieserminnesotamutual.com
Date: Mon May 22 2000 - 09:42:01 CDT


Patrick,

UDP Port 500 is used by the Internet Key Exchange (IKE) protocol. This is
the automatic key exchange for IPSEC. IP Protocol 50 is the Encapsulated
Security Payload (ESP) Protocol. It is used for encryption in IPSEC. You
can use either ESP or AH (Authentication Header, IP protocol 51) for
integrity/authentication. You may need to open up Protocol 51 as well. The
current RFCs (I think) are AH - RFC 2402, ESP - RFC 2406, and IKE - RFC
2409. The vendor is correct about needing these ports/protocols to be open
for VPNs. You should terminate your VPN in a protected DMZ so that the
unencrypted traffic is not visible to any external networks but the traffic
would still be required to go through your firewall. If you are terminating
a VPN on your internal network then no matter how secure the rest of your
network is it is only as secure as that VPN termination point and the
networks those VPNs originate in.

Regards,
Jeffery Gieser

Hi,

We have a vendor that has asked that we open UDP 500 and allow IP protocol 50
to pass our firewall. Two questions here.. 1) What is running on UDP 500, and
what is IP 50 doing? Something similar to GRE(47)? The vendor claims they
need this to establish a connection to their VPN. Any input would be greatly
appreciated.

Patrick Bryan
Network Analyst
SwedishAmerican Health System
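
The filter discussed in this thread, as an added example that is not part of the original messages: a Python check that classifies raw IPv4 packets as IKE (UDP 500), ESP (protocol 50) or AH (protocol 51) and permits them only between the vendor's peer and a VPN gateway in the DMZ. The two addresses (documentation ranges), the function names and the packets built by `build` are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumed addresses from documentation ranges, not taken from the thread.
VENDOR_PEER = ipaddress.ip_address("198.51.100.10")
DMZ_VPN_GW = ipaddress.ip_address("203.0.113.5")
UDP, ESP, AH = 17, 50, 51      # IP protocol numbers
IKE_PORT = 500


def classify(packet: bytes) -> str:
    """Return 'IKE', 'ESP', 'AH' or 'other' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4   # IP options move the start of the payload
    if ihl < 20 or len(packet) < ihl:
        return "other"
    proto = packet[9]
    if proto == ESP:
        return "ESP"
    if proto == AH:
        return "AH"
    if proto == UDP and len(packet) >= ihl + 8:
        frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
        if frag_offset == 0:       # only the first fragment has a UDP header
            _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
            if dport == IKE_PORT:
                return "IKE"
    return "other"


def permit(packet: bytes) -> bool:
    """Pass IPsec traffic only between the vendor peer and the DMZ gateway."""
    if classify(packet) == "other":
        return False
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    return {src, dst} == {VENDOR_PEER, DMZ_VPN_GW}


def build(src, dst, proto, payload=b"", options=b"", frag=0):
    """Construct a minimal IPv4 test packet (header checksum left at zero)."""
    ihl = 5 + len(options) // 4
    header = struct.pack(
        "!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0, frag,
        64, proto, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return header + options + payload
```

GRE (protocol 47), which the question mentions, falls through to `other` and is dropped, as is IPsec traffic to or from any address other than the two named endpoints.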