Help with IPSEC



  • Hoping someone can help me with IPSEC. We have a pfsense device working without issue, there are 2 wan interfaces and 1 lan interface. The two wans are connected to 2 different gateway routers using a /30 ip range each and  the lan has a /25. Can anyone tell me what ports I need to forward through a CIsco 1720 to get IPSEC working? Im confident that the pfsense is OK as if i set the client to the WAN IP of the pfsense it works OK but if I try and connect to the public IP of the wan gateway routers the connection fails



  • Here you go:

    Internet Protocol Security (IPSec) uses IP protocol 50 for Encapsulated Security Protocol (ESP), IP protocol 51 for Authentication Header (AH), and UDP port 500 for IKE Phase 1 negotiation and Phase 2 negotiations. UDP ports 500 and 4500 are used, if NAT-T is used for IKE Phase 1 negotiation and Phase 2 negotiations

    but I'd recommend you remove those ciscos and use pfsense as the gateway,