Firewalls are often deployed at the edge of the network environment to isolate the network and protect the security of the intranet and the Internet. For example, at the edge a public IP address is mapped (MIP) to a VPN device on the intranet; for the sake of security, the edge firewall should open only selected ports or protocols. The MIP is as follows:
IPsec VPN requires IKE, so the corresponding port, UDP 500, must be opened, and sometimes UDP 4500 as well so that traffic can traverse NAT devices. Most information found on the Internet says to open just these two ports for IPsec VPN, but with only these open the VPN does not work and the tunnel cannot be established. The relevant references indicate that the ESP protocol must also be enabled; ESP uses protocol numbers 50 and 51. On Juniper, the protocol numbers are enabled as follows:
Finally, I open the custom IPsec VPN service from untrust to trust:
In addition, open UDP 1701 for L2TP VPN.
PPTP VPN requires TCP 1723 to be open.
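The following is an added example, not part of the original article or any Juniper tooling: a small audit that checks a list of permitted services against the ports and protocol numbers listed above and reports what is still blocked for each VPN type. The rule string format (`udp/500`, `ip/50`) and all function names are assumptions made for this illustration.

```python
# Added example: audit permitted edge services against what each VPN type needs.
# Requirements mirror the article: UDP 500/4500 plus IP protocol numbers 50 (ESP)
# and 51 (AH) for IPsec, UDP 1701 for L2TP, TCP 1723 for PPTP.
# The rule syntax below is a constructed format, not a firewall's native one.

REQUIRED = {
    "ipsec": [("udp", 500), ("udp", 4500), ("ip", 50), ("ip", 51)],
    "l2tp": [("udp", 1701)],
    "pptp": [("tcp", 1723)],
}

def parse_rule(rule):
    """Parse 'udp/500', 'tcp/1700-1800' or 'ip/50' into (kind, low, high)."""
    kind, _, value = rule.strip().lower().partition("/")
    if kind not in ("tcp", "udp", "ip") or not value:
        raise ValueError(f"unrecognised rule: {rule!r}")
    low, _, high = value.partition("-")
    low, high = int(low), int(high or low)
    # 'ip' entries are IP protocol numbers (0-255) and carry no port.
    limit = 255 if kind == "ip" else 65535
    if not 0 <= low <= high <= limit:
        raise ValueError(f"value out of range in rule: {rule!r}")
    return kind, low, high

def missing_services(rules, vpn_type):
    """Return the required (kind, number) pairs that no permitted rule covers."""
    parsed = [parse_rule(r) for r in rules]
    return [
        (kind, num)
        for kind, num in REQUIRED[vpn_type]
        if not any(k == kind and lo <= num <= hi for k, lo, hi in parsed)
    ]

def audit(rules):
    """Map each VPN type to the services still blocked for it."""
    return {vpn: missing_services(rules, vpn) for vpn in REQUIRED}

if __name__ == "__main__":
    # Constructed policy: only the two UDP ports opened, as in the failing setup.
    ports_only = ["udp/500", "udp/4500"]
    for vpn, gaps in audit(ports_only).items():
        print(vpn, "OK" if not gaps else f"missing {gaps}")
```

Opening a UDP or TCP port never covers a protocol-number entry, which is why the audit still flags 50 and 51 when only UDP 500 and 4500 are permitted.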