UDP 500 problem with SRX5308

MegaTrond
Follower

Right, so I am having some problems with configuring my Windows Server 2016 as a VPN server with L2TP and IPsec behind my Prosafe SRX5308 firewall. As I have seen from searching the forum, there seem to be some problems with forwarding port UDP 500, as this is one of the native/reserved ports within the firewall/router itself. When I try to add UDP 500 as a service, I get the following error: "Port range conflicts with default service or HTTPS port(s)". Also, when I try to add a firewall rule for this native service by going to Security->Firewall->Add->Service, I cannot find anything regarding the native default service for this port. Can anyone help me here? Is there any workaround? Seems kind of strange if this isn't possible. I do not want to use the firewall/router as a VPN server. I want to use my own servers for that. I also don't want to buy a new firewall just because of this. This is my own hardware, not work related. Today I am running a PPTP server, but I want to run something more secure.

I am currently using firmware version 3.0.8-12. I tried upgrading to the newest one (4.x...something), but for some reason all my configuration disappeared, and I couldn't get data traffic from the inside of my network out on the internet. The firewall could ping and do DNS resolves on the internet, but none of my computers could reach the outside world. I got a ping reply from the firewall, but not anything beyond that.

Please help! 😄

Thanks in advance!

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 4
JohnC_V
NETGEAR Moderator

Re: UDP 500 problem with SRX5308

Hi MegaTrond,

Welcome to our community! 🙂

Unfortunately, we cannot create a service that is already being used by the firewall. You may try to translate the port to a different number in order for you to open the UDP port 500. I cannot guarantee that this will work. This is just a part of a workaround that we can try in order to resolve your issue.

Regards,

John

NETGEAR Community Team

Message 2 of 4
JohnC_V
NETGEAR Moderator

Re: UDP 500 problem with SRX5308

@MegaTrond,

I did try to replicate your issue with our SRX5308 running on the latest firmware and I was able to create UDP Port 500. I was able to successfully assign it to a port. Would you be able to try upgrading your firewall to the latest firmware?

Regards,

John

NETGEAR Community Team

Message 3 of 4
imclean557
Aspirant

Re: UDP 500 problem with SRX5308

Using Firmware 3.0.8-12 you can forward UDP port 500 by using the existing service IKE. Add the inbound firewall rule as normal and select IKE as the service. It's towards the bottom of the list, which is not strictly in alphabetical order. I missed it at first.

After adding this rule, UDP 1701, and UDP 4500, I can connect to an internal IPsec/L2TP VPN server.

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 4 of 4