Implicit IKE


For IKE negotiations to occur for your VPN, the system must accept UDP datagrams on port 500. If no filter rules on the system are written specifically for IKE traffic, the system implicitly allows IKE traffic to flow.

To establish a connection, most VPNs require Internet Key Exchange (IKE) negotiations to complete before IPSec processing can begin. IKE uses the well-known UDP port 500, so for IKE to work properly, UDP datagrams destined for port 500 must be allowed through. If no filter rules on the system are written specifically to permit IKE traffic, IKE traffic is implicitly allowed. However, when rules written specifically for UDP port 500 traffic do exist, that traffic is handled according to what those active filter rules define.
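The behavior described above has a practical consequence: a catch-all deny rule does not by itself block IKE, but the moment an explicit UDP port 500 rule is added, that rule decides. The following Python model is an added illustration written for this page, not IBM's filter implementation; it assumes a simplified first-match rule format (`Rule`, `Packet`, `evaluate`) and treats only rules that name UDP port 500 as "written specifically for IKE traffic", which is an interpretation of the text rather than something the page states.

```python
from dataclasses import dataclass
from typing import List, Optional

IKE_PORT = 500  # well-known IKE port (UDP)


@dataclass(frozen=True)
class Rule:
    """One simplified filter rule (hypothetical format, not the product's syntax)."""
    action: str              # "permit" or "deny"
    proto: str               # "udp", "tcp", or "*" for any protocol
    dst_port: Optional[int]  # None matches any destination port

    def matches(self, proto: str, dst_port: int) -> bool:
        proto_ok = self.proto == "*" or self.proto == proto
        port_ok = self.dst_port is None or self.dst_port == dst_port
        return proto_ok and port_ok


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int


def has_explicit_ike_rule(rules: List[Rule]) -> bool:
    """True if any active rule is written specifically for UDP port 500.

    Assumption: a generic catch-all (proto "*", any port) is NOT considered
    an IKE-specific rule, so it does not switch off the implicit allow.
    """
    return any(r.proto == "udp" and r.dst_port == IKE_PORT for r in rules)


def evaluate(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match evaluation with the implicit-IKE exception from the page."""
    is_ike = pkt.proto == "udp" and pkt.dst_port == IKE_PORT
    if is_ike and not has_explicit_ike_rule(rules):
        # No rule mentions UDP/500: IKE is implicitly allowed, even if a
        # later catch-all deny would otherwise have matched.
        return "permit"
    for r in rules:
        if r.matches(pkt.proto, pkt.dst_port):
            return r.action
    return default


# Constructed sample rule sets.
RULES_NO_IKE = [          # typical "allow web, deny the rest" set; no IKE rule
    Rule("permit", "tcp", 443),
    Rule("deny", "*", None),
]
RULES_DENY_IKE = [        # an explicit UDP/500 rule now governs IKE
    Rule("deny", "udp", IKE_PORT),
    Rule("deny", "*", None),
]
RULES_PERMIT_IKE = [      # the recommended explicit permit for IKE
    Rule("permit", "udp", IKE_PORT),
    Rule("deny", "*", None),
]

IKE_PKT = Packet("udp", IKE_PORT)


def audit(rules: List[Rule]) -> str:
    """Report how a rule set treats IKE and why (useful when reviewing filters)."""
    verdict = evaluate(rules, IKE_PKT)
    reason = "explicit UDP/500 rule" if has_explicit_ike_rule(rules) else "implicit IKE allow"
    return f"IKE (UDP/500): {verdict} ({reason})"


if __name__ == "__main__":
    for name, rs in (("no IKE rule", RULES_NO_IKE),
                     ("explicit deny", RULES_DENY_IKE),
                     ("explicit permit", RULES_PERMIT_IKE)):
        print(f"{name:15s} -> {audit(rs)}")
```

Running the script shows the first rule set still permits IKE despite its catch-all deny, the second blocks it because an explicit UDP port 500 rule exists, and the third permits it explicitly. When auditing a filter set, the `has_explicit_ike_rule` check is the one that tells you whether the implicit allow is still in effect.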

