IPsec Question

Ullah Kaleem 1 Reputation point
2022-04-05T10:22:38.2+00:00

Hello to all professionals there,

I have a question. While doing a school project I got stuck on this, and I have been searching the internet for the past week but couldn't find an answer.

My scenario: As we all know, the IPsec protocol uses UDP port 4500 or UDP port 500, and we all know that these ports are normally closed on all public networks. In my scenario I am an employer and own a company (just assuming :) ) and I have given my employee the opportunity to use a Remote Access VPN. During my employee's trip abroad, he is sitting in a coffee shop, but the coffee shop has closed ports 500 and 4500 on its local network, so my employee is going to face a VPN connectivity issue.

*) So my question is: how do I overcome this problem? Do I have to configure something? Exactly what should I do?

I would appreciate your answers.

Thanks a lot.


1 answer

  1. SaiKishor-MSFT 17,216 Reputation points
    2022-04-06T15:55:29.107+00:00

    @Anonymous Thank you for reaching out to Microsoft Q&A. I understand that you have questions regarding Remote Access VPN.

    Please note that this Forum is specifically for questions related to Azure but your question seems more generalized.

    As you mentioned, a lot of public places block UDP ports 500 and 4500 that the IPsec protocol uses. However, for remote access VPN, taking Azure Point-to-Site VPN as an example, it involves multiple options.

    Azure supports three types of Point-to-site VPN options:

    1. Secure Socket Tunneling Protocol (SSTP). SSTP is a Microsoft proprietary SSL-based solution that can penetrate firewalls since most firewalls open the outbound TCP port 443 that SSL uses.
    2. OpenVPN. OpenVPN is an SSL-based solution that can penetrate firewalls since most firewalls open the outbound TCP port 443 that SSL uses.
    3. IKEv2 VPN. IKEv2 VPN is a standards-based IPsec VPN solution that uses outbound UDP ports 500 and 4500 and IP protocol no. 50. Firewalls do not always open these ports, so there is a possibility of IKEv2 VPN not being able to traverse proxies and firewalls.

    As shown above, given that the IPsec protocol could be blocked, you can choose other available options such as SSTP or OpenVPN, which use TCP port 443. A lot of other vendors in the market also support SSL-based (TCP 443) Remote Access VPN solutions that can be used. Hope this helps.

    Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

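One way to apply the answer's advice on an Azure Point-to-Site gateway, shown as an added example that is not part of the original answer: it reads the tunnel types the gateway currently offers and, if only IKEv2 is enabled, adds OpenVPN so clients behind a firewall that blocks UDP 500/4500 can still connect over TCP 443. The resource group and gateway names are placeholders, and it assumes the Az.Network module, a signed-in session, and a gateway that already has Point-to-Site configured.

```powershell
# Placeholders (assumptions): replace with your own resource names.
$resourceGroup = '<resource-group-name>'
$gatewayName   = '<vpn-gateway-name>'

# Read the gateway and the tunnel types it currently offers to P2S clients.
$gw = Get-AzVirtualNetworkGateway -ResourceGroupName $resourceGroup -Name $gatewayName
if (-not $gw.VpnClientConfiguration) {
    throw "Point-to-Site is not configured on gateway '$gatewayName'."
}
$current = @($gw.VpnClientConfiguration.VpnClientProtocols)
Write-Output ("Current tunnel types: {0}" -f ($current -join ', '))

# IKEv2 needs UDP 500/4500 and ESP (IP protocol 50); SSTP and OpenVPN ride on TCP 443.
$tcp443Types = @('SSTP', 'OpenVPN')
$hasTcp443   = @($current | Where-Object { $tcp443Types -contains $_ }).Count -gt 0

if ($hasTcp443) {
    Write-Output 'A TCP 443 tunnel type is already enabled; no change made.'
}
else {
    # Keep IKEv2 for networks that allow it and add OpenVPN as the TCP 443 option.
    $gw = Set-AzVirtualNetworkGateway -VirtualNetworkGateway $gw `
              -VpnClientProtocol @('IkeV2', 'OpenVPN')
    Write-Output ("Updated tunnel types: {0}" -f
        ($gw.VpnClientConfiguration.VpnClientProtocols -join ', '))
}
```

After a change to the tunnel types, the VPN client profile has to be regenerated and redistributed so the client picks up the new protocol.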