North American Network Operators Group


RE: Operational impact of filtering SMB/NETBIOS traffic?

  • From: Richard Welty
  • Date: Sun Nov 19 20:09:04 2000

Ethan Butterfield [mailto:[email protected]] wrote:
> From: Jim Mercer <[email protected]>
> > as i understand it, ipsec doesn't use ports.
 
> Yes and no. IPSec uses UDP port 500 for the ISAKMP key exchange and the
> tunnel setup, but all other traffic is IP Protocol 50 (ESP) or 51 (AH).
> Most firewalls I've seen block weird (i.e., just about everything that's
> not standard TCP or IP Protocol 1 (ICMP)) by default, or at least flag it
> as strange.

interestingly enough, ICSA firewall certification requires port 500
(ISAKMP) to be closed, so in theory, you cannot have an ICSA Firewall
that also does standards-conforming IPSec.

there is a loophole, however. ICSA will let you off the hook if your
manuals explain how to turn off port 500 in your IPSec-capable firewall
(or firewall-capable IPSec box.)

richard
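The point made in the quoted reply above is that only ISAKMP has a port; ESP and AH are their own IP protocols, so a filter that thinks in terms of "TCP, plus ICMP" never sees anything it can match and drops them. The following is an added example, not code from the original post or from any firewall product: it builds a handful of constructed IPv4 packets (SSH SYN, ping, ISAKMP, ESP, AH, with zero checksums and RFC 5737 documentation addresses) and runs them through two simplified policies, the "TCP and ICMP only" default described in the thread and the same policy with the three holes IPsec needs. The policy model, packet builders and sample names are all assumptions made for the illustration.

```python
"""Classify constructed IPv4 packets the way a port-based filter would, to show
why IPsec (UDP/500 ISAKMP, IP protocol 50 ESP, IP protocol 51 AH) is dropped by
a policy that only permits TCP and ICMP. Added example, not from the post."""
import socket
import struct

# IANA IP protocol numbers and the ISAKMP port discussed in the thread
PROTO_ICMP = 1
PROTO_TCP = 6
PROTO_UDP = 17
PROTO_ESP = 50
PROTO_AH = 51
ISAKMP_PORT = 500


def build_ipv4(proto, payload, src="192.0.2.1", dst="198.51.100.1"):
    """Minimal 20-byte IPv4 header (no options, checksum left zero) + payload.
    Addresses are RFC 5737 documentation prefixes: constructed sample data."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def build_udp(sport, dport, data=b""):
    """UDP header: source port, destination port, length, zero checksum."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def build_tcp_syn(sport, dport):
    """Minimal 20-byte TCP header with only the SYN flag set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)


def build_icmp_echo():
    """ICMP echo request: type 8, code 0, zero checksum, id 1, seq 1."""
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1)


def build_esp(spi, seq):
    """ESP starts with SPI and sequence number; everything after that is
    ciphertext, so there are no port fields a filter could match on."""
    return struct.pack("!II", spi, seq) + b"\x00" * 16  # opaque payload (constructed)


def build_ah(spi, seq, next_header=PROTO_TCP):
    """AH: next header, payload length (header in 32-bit words minus 2),
    reserved, SPI, sequence number, then a 12-byte ICV (zeroed here)."""
    return struct.pack("!BBHII", next_header, 4, 0, spi, seq) + b"\x00" * 12


def parse(pkt):
    """Return (proto, sport, dport). Ports are None for protocols without them."""
    if pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    if proto in (PROTO_TCP, PROTO_UDP):
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        return proto, sport, dport
    # ESP and AH carry an SPI where TCP/UDP carry ports; never misread it as one
    return proto, None, None


def verdict(pkt, allow_ipsec):
    """allow_ipsec=False models the 'TCP and ICMP only' default from the thread;
    allow_ipsec=True adds exactly the three holes IPsec needs."""
    proto, sport, dport = parse(pkt)
    if proto in (PROTO_TCP, PROTO_ICMP):
        return "allow"
    if allow_ipsec:
        if proto in (PROTO_ESP, PROTO_AH):
            return "allow"
        if proto == PROTO_UDP and ISAKMP_PORT in (sport, dport):
            return "allow"
    return "drop"


# Constructed sample traffic; ISAKMP uses 500 on both ends.
SAMPLES = {
    "ssh":    build_ipv4(PROTO_TCP, build_tcp_syn(40000, 22)),
    "ping":   build_ipv4(PROTO_ICMP, build_icmp_echo()),
    "isakmp": build_ipv4(PROTO_UDP, build_udp(ISAKMP_PORT, ISAKMP_PORT, b"\x00" * 28)),
    "esp":    build_ipv4(PROTO_ESP, build_esp(0x12345678, 1)),
    "ah":     build_ipv4(PROTO_AH, build_ah(0x12345678, 1)),
}


def classify_all(allow_ipsec):
    """Map each sample name to its verdict under the chosen policy."""
    return {name: verdict(pkt, allow_ipsec) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:7s} default={verdict(pkt, False):5s} ipsec={verdict(pkt, True)}")
```

Under the default policy the three IPsec samples are dropped and the SSH and ping samples pass; with `allow_ipsec=True` everything passes. `parse()` deliberately returns no ports for ESP and AH, which is the practical form of "IPsec doesn't use ports": a rule written as `udp dport 500` covers only the key exchange, and the tunnel itself needs protocol-number rules.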