
How can I ensure the corporate VPN works with our firewall?

Understanding how a virtual private network (VPN) works with a firewall will allow you to get full connectivity through the correct network ports.

What do I need to configure in order to make sure the VPN works with our corporate firewall? Are there special considerations for making VPNs work with firewalls?

A virtual private network (VPN) is typically initiated from the outside. Since you are asking about your corporate firewall, I'll assume this case for the purposes of this answer. There are many SOHO firewalls that must be configured for VPN passthrough to allow VPN operation from the inside.

Consequently, corporate firewalls must be configured to allow the relevant ports and protocols that are being used to initiate the VPN connection and to allow the transport of the VPN traffic to its relevant concentrator. It's important to note that placing the VPN gateway on the outside of the network perimeter is not recommended.

This is different from standard stateful firewall operation with connections initiated from inside the perimeter. In that case, the firewall creates the required conduits for the return traffic on the fly. Therefore, for VPN operation the required ports and protocols must be noted and configured correctly.

For SSL VPN, for example, you must ensure the SSL port is open for access to the SSL VPN gateway. This is typically Port 443 and operates over TCP, Protocol 6.

For IPsec, however, you need to do a little more work and allow for IKE (for the initial key exchange), which operates via UDP on Port 500, as well as for NAT Traversal (in most cases), which operates via UDP Port 4500. Then, you must ensure that Protocol 50 for ESP and/or Protocol 51 for AH are open to allow the IPsec traffic to pass.

There are other, less commonly used VPN technologies, for example PPTP, L2TP and L2F, that each have their own requirements. Ultimately, the key is making sure you understand the requirements that are applicable to the security protocol that is being used.
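The following is an added example, not part of the original answer: it checks an `iptables-save`-style ruleset for the flows listed above and reports the case where UDP 500 and 4500 are open but ESP (IP protocol 50, which has no port) is not. The gateway address, chain name, VPN type labels and sample rules are constructed assumptions, and only simple `-d`/`-p`/`--dport` matches are parsed.

```python
import ipaddress
import shlex

# Requirements from the answer above: (IP protocol, destination port or None).
# ESP and AH are IP protocols 50 and 51; they have no port numbers.
REQUIRED = {
    "ssl": [("tcp", 443)],
    "ipsec-esp": [("udp", 500), ("udp", 4500), ("esp", None)],
    "ipsec-ah": [("udp", 500), ("udp", 4500), ("ah", None)],
}
PROTO_NAMES = {"6": "tcp", "17": "udp", "50": "esp", "51": "ah"}

def accepted_flows(ruleset, gateway, chain="FORWARD"):
    """Collect (protocol, dport) pairs that ACCEPT rules allow toward gateway."""
    gw = ipaddress.ip_address(gateway)
    flows = set()
    for line in ruleset.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", chain]:
            continue  # table headers, policies, COMMIT, other chains
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opts.get("-j") != "ACCEPT" or "--ctstate" in opts or "--state" in opts:
            continue  # state rules admit return traffic, not new inbound VPN sessions
        if gw not in ipaddress.ip_network(opts.get("-d", "0.0.0.0/0"), strict=False):
            continue
        port = opts.get("--dport")
        # Simplification: single --dport only; ranges and multiport are skipped.
        if port is None or port.isdigit():
            proto = opts.get("-p", "all")
            flows.add((PROTO_NAMES.get(proto, proto), int(port) if port else None))
    return flows

def missing_for(vpn_type, ruleset, gateway):
    """Return the required flows for vpn_type that no ACCEPT rule covers."""
    flows = accepted_flows(ruleset, gateway)
    return [(p, port) for p, port in REQUIRED[vpn_type]
            if not {(p, port), (p, None), ("all", None)} & flows]

# Constructed sample: IKE, NAT-T and SSL are open, but ESP was forgotten.
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 203.0.113.10/32 -p udp -m udp --dport 500 -j ACCEPT
-A FORWARD -d 203.0.113.10/32 -p udp -m udp --dport 4500 -j ACCEPT
-A FORWARD -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""
```

Calling `missing_for("ipsec-esp", SAMPLE, "203.0.113.10")` returns `[("esp", None)]`, while the same call for `"ssl"` returns an empty list.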


This was last published in July 2012
