
7/27/2019 How To – Bypass IPSec VPN Traffic

http://slidepdf.com/reader/full/how-to-c3a2e282ace2809c-bypass-ipsec-vpn-traffic 1/6

How To – Bypass IPSec VPN Traffic

Applicable Version: 10.00 onwards

Scenario

Cyberoam should bypass the IPSec VPN traffic between Site A and Site B, in other words, between Router A and Firewall B. The network schema is as given below.

Configuration

Cyberoam can bypass IPSec VPN traffic if it has its UDP ports 500 and 4500 open both from WAN and LAN sides. To open the ports, follow the steps given below. The configuration is to be done from Web Admin Console using Administrator profile.


Step 1: Create Virtual Host for UDP port 500

Go to Firewall → Virtual Host → Virtual Host and click Add to create a new virtual host according to parameters given below.

Parameter Description

| Parameter | Value | Description |
|---|---|---|
| Name | UDP_Port_500 | Name to identify the Virtual Host. |
| External IP | #PortC – 10.10.1.1 | External IP address is the IP address through which Internet users access internal server/host. |
| Mapped IP | 172.16.16.20 | Mapped IP address is the IP address of the internal server/host. |
| Physical Zone | LAN | LAN, WAN, DMZ, VPN or custom zone of the mapped IP addresses. For example, if mapped IP address represents any internal server then the zone in which server resides physically. |
| Port Forwarding | | |
| Enable Port Forwarding | Enabled | Click to enable service port forwarding. |
| Protocol | UDP | Select the protocol TCP or UDP that you want the forwarded packets to use. |
| Port Type | Port | Click to specify whether port mapping should be single or range of ports. |
| External Port | 500 | Specify public port number for which you want to configure port forwarding. |
| Mapped Port | 500 | Specify mapped port number on the destination network to which the public port number is mapped. |


On clicking OK, you are asked to create Firewall Rules to allow access to the virtual host created.

Step 2: Add Firewall Rule

On clicking OK, the following screen is displayed prompting you to create Firewall Rules.

Enable Add Firewall Rule(s) For Virtual Host and specify parameters shown in the screen as required. Click Add Rule(s) to add the firewall rule. The above firewall rule forwards all traffic from port 500 on WAN side to port 500 on the LAN side.


Step 3: Create Virtual Host for UDP port 4500

Go to Firewall → Virtual Host → Virtual Host and click Add to create a new virtual host according to parameters given below.

Parameter Description

| Parameter | Value | Description |
|---|---|---|
| Name | UDP_Port_4500 | Name to identify the Virtual Host. |
| External IP | #PortC – 10.10.1.1 | External IP address is the IP address through which Internet users access internal server/host. |
| Mapped IP | 172.16.16.20 | Mapped IP address is the IP address of the internal server/host. |
| Physical Zone | LAN | LAN, WAN, DMZ, VPN or custom zone of the mapped IP addresses. For example, if mapped IP address represents any internal server then the zone in which server resides physically. |
| Port Forwarding | | |
| Enable Port Forwarding | Enabled | Click to enable service port forwarding. |
| Protocol | UDP | Select the protocol TCP or UDP that you want the forwarded packets to use. |
| Port Type | Port | Click to specify whether port mapping should be single or range of ports. |
| External Port | 4500 | Specify public port number for which you want to configure port forwarding. |
| Mapped Port | 4500 | Specify mapped port number on the destination network to which the public port number is mapped. |


On clicking OK, you are asked to create Firewall Rules to allow access to the virtual host created.

Step 4: Add Firewall Rule

On clicking OK, the following screen is displayed prompting you to create Firewall Rules.

Enable Add Firewall Rule(s) For Virtual Host and specify parameters shown in the screen as required. Click Add Rule(s) to add the firewall rule. The above firewall rule forwards all traffic from port 4500 on WAN side to port 4500 on the LAN side.


Note:

Ensure that similar Firewall Rules exist which forward all traffic from ports 500 and 4500 on the LAN side to ports 500 and 4500 respectively on the WAN side.
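One way to check the finished configuration against Steps 1 to 4 and the note above, as an added example that is not Cyberoam code. The record layout for virtual hosts and firewall rules is an assumption (it is not a Cyberoam export format), and the sample data is constructed from the values in the tables with two deliberate faults.

```python
from dataclasses import dataclass

IPSEC_PORTS = (500, 4500)  # the two UDP ports the procedure opens


@dataclass(frozen=True)
class VirtualHost:  # hypothetical record mirroring the Virtual Host form fields
    name: str
    external_ip: str
    mapped_ip: str
    protocol: str
    external_port: int
    mapped_port: int


def audit(hosts, rules, external_ip, mapped_ip):
    """Return a list of findings; an empty list means the pass-through is complete.

    rules is a set of (source_zone, destination_zone, protocol, port) tuples.
    """
    findings = []
    for port in IPSEC_PORTS:
        match = [h for h in hosts
                 if h.external_ip == external_ip and h.external_port == port]
        if not match:
            findings.append(f"no virtual host for external port {port}")
        for h in match:
            if h.protocol.upper() != "UDP":
                findings.append(f"{h.name}: protocol is {h.protocol}, expected UDP")
            if h.mapped_port != port:
                findings.append(f"{h.name}: port {port} is remapped to {h.mapped_port}")
            if h.mapped_ip != mapped_ip:
                findings.append(f"{h.name}: mapped to {h.mapped_ip}, expected {mapped_ip}")
        # Steps 2 and 4 cover WAN to LAN; the note requires LAN to WAN as well.
        for src, dst in (("WAN", "LAN"), ("LAN", "WAN")):
            if (src, dst, "UDP", port) not in rules:
                findings.append(f"no firewall rule {src}->{dst} for UDP {port}")
    return findings


# Constructed sample: wrong protocol on the 4500 host, missing LAN->WAN rule for 4500.
SAMPLE_HOSTS = [
    VirtualHost("UDP_Port_500", "10.10.1.1", "172.16.16.20", "UDP", 500, 500),
    VirtualHost("UDP_Port_4500", "10.10.1.1", "172.16.16.20", "TCP", 4500, 4500),
]
SAMPLE_RULES = {("WAN", "LAN", "UDP", 500), ("LAN", "WAN", "UDP", 500),
                ("WAN", "LAN", "UDP", 4500)}

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS, SAMPLE_RULES, "10.10.1.1", "172.16.16.20"):
        print(finding)
```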

Document Version: 1.0  – 28/06/2012