Home Page › Forums › Network Management › VPN › Configuring ZeroZhell’s default IKE port (I.E.: 10000) › Reply To: Configuring ZeroZhell’s default IKE port (I.E.: 10000)
Ok , is clear now !!
Well , I did some tests while waiting for your reply , unfortunately my asa is down at the moment , so i did with an cisco isr….isn’t the same , but for the purpose could also be….host win7 , lan behind Zs , authenticated on the Captive portal … then launched the cisco vpn client (VPN_CLIENT 5.0.07.0410:WinNTp) to another site , where the cisco isr vpn server is listening ( on this second site , there is another Zs placed into a DMZ of the cisco router/fw/ips , that acts also as radius server for vpn auth. ) the vpn is ipsec/udp (500/4500) , this is the 1st log of the cisco vpn server regarding the connection
22:26:52 192.168.191.1: 002312: Oct 4 22:26:52.288 Rome: ISAKMP: local port 500, remote port 56021
some logs later
22:26:53 192.168.191.1: 002418: Oct 4 22:26:52.884 Rome: ISAKMP: Trying to insert a peer 22.214.171.124/126.96.36.199/56022/, and inserted successfully 86914934.
all the rest goes well , and the connection is established correctly, so , in my case , I would say that ZS doesn’t change the udp 500 port..you can take a look , on ZS , firewall , conntrack , fill the filter field with “10000” , then try to connect via vpn client , and click on refresh button… this is my output , I put 500 in “filter” field
udp 17 159 src=192.168.0.76 dst=188.8.131.52 sport=50692 dport=500 src=184.108.40.206 dst=220.127.116.11 sport=500 dport=50692 [ASSURED] mark=0 use=1
udp 17 170 src=192.168.0.76 dst=18.104.22.168 sport=50693 dport=4500 src=22.214.171.124 dst=126.96.36.199 sport=4500 dport=50693 [ASSURED] mark=0 use=1
Try , and let me know…