Port number used by the USG for NAT traversal

The following traffic must be permitted for IPSec NAT traversal on USG firewalls:
UDP packets with the destination port set to 500 or 4500. If no NAT device exists, the port number is 500; if a NAT device exists, the port number is 4500.
IP packets using AH (IP protocol number 51) or ESP (IP protocol number 50).

Other related questions:
Port used in firewall NAT traversal
Ports that must be enabled when IPSec NAT traversal is used on the USG: destination UDP ports 500 and 4500. If no NAT device is deployed, port 500 is used; if a NAT device is deployed, port 4500 is used. In addition, permit IP protocol number 51 for IP packets using the AH protocol and IP protocol number 50 for IP packets using the ESP protocol.

Configuring IPSec NAT traversal on the USG
Run the nat traversal command on the IKE peers at the two sides of the gateway to implement IPSec NAT traversal.

Which port is used in IPSec NAT traversal scenarios
The initial port used in IKE negotiation is 500. After the NAT traversal capability detection and NAT gateway detection are complete, the UDP port for encapsulating ISAKMP messages is changed to 4500. The subsequent negotiation and data transmission use this port.

Port used in IPSec NAT traversal scenarios on the USG2000
The initial port used in IKE negotiation is 500. After the NAT traversal capability detection and NAT gateway detection are complete, the UDP port for encapsulating ISAKMP messages is changed to 4500. The subsequent negotiation and data transmission use this port.

Port used in IPSec NAT traversal scenarios on the USG9000
The initial port used in IKE negotiation is 500. After the NAT traversal capability detection and NAT gateway detection are complete, the UDP port for encapsulating ISAKMP messages is changed to 4500. The subsequent negotiation and data transmission use this port.
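
The port and protocol behaviour described in the answers above, as an added example that is not Huawei's or the USG's own code: a Python classifier that labels IPSec traffic from captured packet fields, useful when checking what a filter in front of the gateway must let through. The payload rules for UDP 4500 (a 4-byte zero non-ESP marker before ISAKMP, a single 0xFF keepalive byte, otherwise an ESP SPI) come from RFC 3948, not from this page, and the function and label names are hypothetical.

```python
# Port and protocol numbers as given on the page.
IKE_PORT, NATT_PORT = 500, 4500
PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51

ISAKMP_HEADER_LEN = 28               # fixed ISAKMP/IKE header size
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: precedes IKE on UDP 4500


def classify(ip_proto, dst_port=None, payload=b""):
    """Label one packet (hypothetical helper).

    ip_proto -- protocol number from the IP header
    dst_port -- UDP destination port, None for non-UDP packets
    payload  -- UDP payload bytes, only inspected on port 4500
    """
    if ip_proto == PROTO_ESP:
        return "native-esp"          # ESP directly over IP, no NAT on the path
    if ip_proto == PROTO_AH:
        return "native-ah"
    if ip_proto != PROTO_UDP:
        return "not-ipsec"
    if dst_port == IKE_PORT:
        return "ike-initial"         # negotiation always starts on 500
    if dst_port != NATT_PORT:
        return "not-ipsec"
    # UDP 4500 carries three kinds of traffic, told apart by the first bytes.
    if payload == b"\xff":
        return "nat-keepalive"
    if len(payload) < 4:
        return "malformed"
    if payload[:4] == NON_ESP_MARKER:
        # An ISAKMP message must follow the marker.
        long_enough = len(payload) >= 4 + ISAKMP_HEADER_LEN
        return "ike-natt" if long_enough else "malformed"
    # Non-zero first word is an ESP SPI; SPI plus sequence number is 8 bytes.
    return "esp-in-udp" if len(payload) >= 8 else "malformed"


# Constructed sample packets: (ip_proto, dst_port, payload).
SAMPLES = [
    (17, 500, b""),                                  # first IKE message
    (17, 4500, NON_ESP_MARKER + b"\x11" * 28),       # IKE after NAT detection
    (17, 4500, b"\x00\x00\x12\x34\x00\x00\x00\x01" + b"x" * 16),  # ESP data
    (17, 4500, b"\xff"),                             # keepalive
    (50, None, b""),                                 # ESP without NAT
]

if __name__ == "__main__":
    for proto, port, data in SAMPLES:
        print(proto, port, classify(proto, port, data))
```
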
