
Basic SSL VPN Information for Newbie

good2go_
Not applicable


Hi, thanks in advance for your help.

 

Generic scenario:

 

I want to connect outside my network using an SSL VPN client and it uses Port 443. I open the connection on my firewall to allow 443 out.

 

I have a software application that allows me to view other VMs and that software uses port 4700. I want to view the VMs outside my network and on the network I VPN into. Do I also need to allow port 4700 on my firewall?

 

The VPN creates the secure tunnel using 443. The traffic going through the tunnel on port 4700, how is that seen by the host firewall and/or border firewall for that matter? Isn't it hidden in the tunnel?

 

Again, thanks in advance for bearing with this newbie...

3 REPLIES
Kita_
Valued Contributor

Re: Basic SSL VPN Information for Newbie

If the firewall is in front of the SA/MAG device, you will want to open TCP port 443 (SSL) and UDP port 4500 (ESP). Any traffic going through the tunnel will not need to be opened on the firewall since this data is encapsulated via SSL or ESP.

spuluka
Super Contributor

Re: Basic SSL VPN Information for Newbie

You might find this overview of deployment options helpful.

 

SSL deploy options:

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB10162

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home
zanyterp_
Respected Contributor

Re: Basic SSL VPN Information for Newbie

As kita & spuluka said, inbound from internet to the appliance is 443/4500; internally, any firewalls need to allow access to/from the VPN tunneling IP range, as that is the observed address.
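
Added example, not part of the thread or any vendor's code: a small model of what each firewall in the replies can match on, showing that the edge firewall only ever sees the tunnel transport (443/4500) while an internal firewall sees port 4700 sourced from the VPN tunneling IP range. All addresses, the pool, and the default-deny rule evaluation are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    proto: str
    dport: int

def allowed(flow, rules):
    """Default-deny (assumed policy): pass only if one rule matches every field."""
    return any(
        ip_address(flow.src) in ip_network(r.src_net)
        and ip_address(flow.dst) in ip_network(r.dst_net)
        and (flow.proto, flow.dport) == (r.proto, r.dport)
        for r in rules
    )

# Constructed addresses, all assumptions for illustration.
CLIENT = "192.0.2.10"       # remote user's real address
GATEWAY = "198.51.100.5"    # public address of the VPN appliance
POOL = "10.99.0.0/24"       # VPN tunneling IP range
TUNNEL_IP = "10.99.0.17"    # pool address assigned to this client
VM_HOST = "10.20.0.8"       # internal server of the port-4700 application

def observed_flows(transport):
    """Return (outer, inner) flows for application traffic to VM_HOST:4700.
    'ssl' rides TCP 443 and 'esp' rides UDP 4500, as stated in the replies."""
    proto, port = {"ssl": ("tcp", 443), "esp": ("udp", 4500)}[transport]
    outer = Flow(CLIENT, GATEWAY, proto, port)      # seen between client and appliance
    inner = Flow(TUNNEL_IP, VM_HOST, "tcp", 4700)   # seen behind the appliance
    return outer, inner

# Firewall in front of the appliance: only the tunnel transports are open.
EDGE_RULES = [Rule("0.0.0.0/0", GATEWAY + "/32", "tcp", 443),
              Rule("0.0.0.0/0", GATEWAY + "/32", "udp", 4500)]
# Firewall behind the appliance: the pool may reach the application.
INTERNAL_RULES = [Rule(POOL, VM_HOST + "/32", "tcp", 4700)]

if __name__ == "__main__":
    for transport in ("ssl", "esp"):
        outer, inner = observed_flows(transport)
        print(transport, "edge:", allowed(outer, EDGE_RULES),
              "internal:", allowed(inner, INTERNAL_RULES))
```

The internal rule is keyed on the pool, not on the client's real address, so a rule written for the client's public IP would never match the decapsulated traffic.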