Description:

If a VPN-Router or VPN-Client (PPTP/IPsec) is behind the firewall in a local area network, the following ports and protocols must be released for the VPN connection to be established and for payload data to be transmitted:


LANCOM VPN-Router:

- IKE negotiation = UDP 500
- ESP encapsulating security payload (protocol 50) or

Optionally:
- AH authentication header (protocol 51)

  • UPD port 4500 must be activated when using NAT-T
  • UPD port 87 must be activated when using Dynamic VPN



LANCOM Advanced VPN Client:

- IKE negotiation = UDP 500
- ESP encapsulating security payload (protocol 50) or

Optionally:
- AH authentication header (protocol 51)

  • UPD port 4500 must be activated when using NAT-T



Windows IPSec/PPTP function:

- PPTP negotiation = TCP 1723 (GRE is forwarded automatically with this entry)
- IKE negotiation = UDP 500

- GRE general routing encapsulation (protocol 47)
- ESP encapsulating security payload (protocol 50)


You can find a summary of ports and protocol numbers under www.iana.org

All LANCOM products and software versions are subject to LANCOM Software Lifecycle Management.
You can find information on our website at https://www.lancom-systems.com/products/firmware/software-lifecycle-management

© 2025 LANCOM Systems GmbH