Ike Port

Luc999 Posts: 3
First Anniversary


i have read that the ike port (UDP=500) can't be changed. But in service i see that is possible.

I have a VPN between my 2 locations So my question is: if i change the port in my two VPN100 can be works the VPN?


All Replies

  • smb_corp_user
    smb_corp_user Posts: 159  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    Normally, you would not want to change the UDP port number unless it is already in use in your network. Existing port numbers are like identifiers to make it easy for devices and software to identify the traffic packets.

    If you change the numbers on both sides, it might work, but there is no absolute guarantee that it will work as intended. You are more on your own when you use custom numbers.

  • PeterUK
    PeterUK Posts: 2,702  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited February 1

    IKE and the port it uses can't be changed services just list some default used ports for given things to allow by firewall like if you change HTTP port 80 to some other port you have not changed how traffic goes out.

    If your ISP is blocked UDP 500, 4500 and protocol 50 theirs not much you can do, can Zyxel add changes to allow a change in ports for VPN yes but will they is another question.

    Ways around this problem is costly by another USG at either end by double NAT or bridge (but likely your ISP blocks protocol 50 so one end would have to be double NAT) with a NAT rule to static IP's

    This is how both ends would need and then both need a NAT rule to change the port back to what it would use.

    the above works to change DNS port 53 to 443 to Open DNS be handy if Zyxel added FQDN (not WILDCARD) support in NAT

Security Highlight