Reply To: Configuring ZeroZhell’s default IKE port (I.E.: 10000)


#52935

redfive
Participant

Ok, it is clear now!!
Well, I did some tests while waiting for your reply. Unfortunately my ASA is down at the moment, so I did them with a Cisco ISR… it isn’t the same, but for the purpose it could also be… Host Win7, on the LAN behind ZS, authenticated on the Captive Portal… then I launched the Cisco VPN client (VPN_CLIENT 5.0.07.0410:WinNTp) to another site, where the Cisco ISR VPN server is listening (on this second site, there is another ZS placed in a DMZ of the Cisco router/fw/ips, which also acts as RADIUS server for VPN auth). The VPN is ipsec/udp (500/4500); this is the first log of the Cisco VPN server regarding the connection:

22:26:52 	192.168.191.1: 002312: Oct 4 22:26:52.288 Rome: ISAKMP: local port 500, remote port 56021

Some logs later:

22:26:53 	192.168.191.1: 002418: Oct 4 22:26:52.884 Rome: ISAKMP: Trying to insert a peer 79.40.121.136/109.52.78.253/56022/, and inserted successfully 86914934.

All the rest goes well, and the connection is established correctly, so, in my case, I would say that ZS doesn’t change the UDP 500 port. You can take a look: on ZS, go to firewall, conntrack, fill the filter field with “10000”, then try to connect via the VPN client, and click on the refresh button… This is my output; I put 500 in the “filter” field:

udp      17 159 src=192.168.0.76 dst=79.40.121.136 sport=50692 dport=500 src=79.40.121.136 dst=109.52.78.253 sport=500 dport=50692 [ASSURED] mark=0 use=1
udp 17 170 src=192.168.0.76 dst=79.40.121.136 sport=50693 dport=4500 src=79.40.121.136 dst=109.52.78.253 sport=4500 dport=50693 [ASSURED] mark=0 use=1

Try, and let me know…
Greetings
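
The conntrack check described in the post above, as an added Python example that is not part of redfive's post: it parses the two entries quoted there and reports, per flow, whether the gateway rewrote the destination port, the source port or the source address. The function names and result field names are assumptions of this example.

```python
import re

# Sample input: the two conntrack entries quoted in the post above.
SAMPLE = """\
udp 17 159 src=192.168.0.76 dst=79.40.121.136 sport=50692 dport=500 src=79.40.121.136 dst=109.52.78.253 sport=500 dport=50692 [ASSURED] mark=0 use=1
udp 17 170 src=192.168.0.76 dst=79.40.121.136 sport=50693 dport=4500 src=79.40.121.136 dst=109.52.78.253 sport=4500 dport=50693 [ASSURED] mark=0 use=1
"""

IKE_PORTS = {500, 4500}  # IKE and IPsec NAT-T, the ports named in the post
TUPLE_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+sport=(\d+)\s+dport=(\d+)")


def parse_entry(line):
    """Return (proto, original_tuple, reply_tuple), or None for anything else."""
    fields = line.split()
    tuples = TUPLE_RE.findall(line)
    if not fields or len(tuples) != 2:
        return None  # header, blank or truncated line
    orig, reply = (
        {"src": s, "dst": d, "sport": int(sp), "dport": int(dp)}
        for s, d, sp, dp in tuples
    )
    return fields[0], orig, reply


def check_ike_flows(text, ports=IKE_PORTS):
    """For each UDP flow towards one of `ports`, report what was rewritten."""
    results = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        proto, orig, reply = entry
        if proto != "udp" or orig["dport"] not in ports:
            continue
        results.append({
            "client": orig["src"],
            "server": orig["dst"],
            "dport": orig["dport"],
            # Replies leave the server from the port it was actually reached on.
            "dport_rewritten": reply["sport"] != orig["dport"],
            # Replies go back to the address/port the server saw as the source.
            "sport_rewritten": reply["dport"] != orig["sport"],
            "snat_to": reply["dst"] if reply["dst"] != orig["src"] else None,
        })
    return results


if __name__ == "__main__":
    for flow in check_ike_flows(SAMPLE):
        print(flow)
```

For the quoted entries it reports the destination ports 500 and 4500 as unchanged, with only the source address translated.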