RE: Windows XP SP2: start L2TP/IPSec IKE negotiation on UDP port 4500 instead of 500

  • From: "Geldrop, Paul van" <paul.van.geldrop@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 19 Jan 2006 15:39:39 +0100

If I understand correctly, Stefaan would like multiple IPsec connections by 
disabling the passthrough... but that makes the devices block UDP 500... and when 
negotiation starts on 500, it fails, therefore he'd like to start on 4500...
Is that a correct summary, Stefaan?

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thu 19-1-2006 15:29
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Windows XP SP2: start L2TP/IPSec IKE negotiation on 
UDP port 4500 instead of 500



http://www.ISAserver.org

Hi Stefaan,

I don't understand the problem. What's the difference if they start on
500 or 4500?

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**



> -----Original Message-----
> From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxxxx]
> Sent: Thursday, January 19, 2006 3:54 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Windows XP SP2: start L2TP/IPSec IKE
> negotiation on UDP port 4500 instead of 500
>
> http://www.ISAserver.org
>
> Hey guys,
>
> Is it possible to configure Windows XP SP2 to start the IKE
> negotiation of a
> L2TP/IPSec VPN connection directly on UDP port 4500 instead
> of UDP port 500?
> According to the RFCs this is a valid configuration.
>
> The reason for this question is that a lot of cheap sharing
> devices limit
> the number of IPSec connections to one because of their IPSec hack
> implementation (aka IPSec passthrough). If we switch off the
> IPSec passthrough
> setting in the sharing device then UDP port 500 is completely
> blocked.
>
> Thanks,
> Stefaan
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
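
To check from a packet capture on which port a client actually starts IKE, the UDP payloads can be classified using the RFC 3948 framing for port 4500 (4-byte non-ESP marker before IKE, one-byte 0xFF keepalive, otherwise ESP) and the RFC 2408 ISAKMP header. This is an added example, not part of the thread; the function names are hypothetical and the sample header is constructed.

```python
import struct

NON_ESP_MARKER = b"\x00\x00\x00\x00"       # RFC 3948: precedes IKE on UDP 4500
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 fixed header, 28 bytes


def classify_udp(dst_port, payload):
    """Return (kind, detail) for one UDP payload sent to port 500 or 4500."""
    if dst_port == 4500:
        if payload == b"\xff":
            return ("nat-keepalive", None)
        if payload[:4] != NON_ESP_MARKER:
            # Non-zero first word is an ESP SPI; SPI + sequence need 8 bytes.
            if len(payload) < 8:
                return ("malformed", None)
            return ("esp-in-udp", {"spi": payload[:4].hex()})
        payload = payload[4:]              # strip marker, IKE header follows
    elif dst_port != 500:
        return ("not-ike", None)
    if len(payload) < ISAKMP_HDR.size:
        return ("malformed", None)
    _icookie, rcookie, _np, ver, xchg, _flags, _msgid, length = \
        ISAKMP_HDR.unpack_from(payload)
    return ("ike", {"version": ver >> 4, "exchange": xchg,
                    # Responder cookie is all zero only in the first message.
                    "first_message": rcookie == bytes(8), "length": length})


def negotiation_start_port(packets):
    """Port of the first initial IKE message in (dst_port, payload) pairs."""
    for dst_port, payload in packets:
        kind, detail = classify_udp(dst_port, payload)
        if kind == "ike" and detail["first_message"]:
            return dst_port
    return None


def sample_ike_init():
    """Constructed header only: IKEv1, exchange type 2 (Main Mode)."""
    return ISAKMP_HDR.pack(b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, 0, 28)


if __name__ == "__main__":
    capture = [(4500, b"\xff"), (4500, NON_ESP_MARKER + sample_ike_init())]
    print("IKE negotiation started on UDP port", negotiation_start_port(capture))
```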
