What is Protocol 50
Hi
Can anyone explain how protocol 50 or protocol 51 is different from TCP/UDP port 50 and 51? Regards, Jaspreet Sandhu |
Networking is composed of layers; usually, this is the OSI model (see http://en.wikipedia.org/wiki/OSI_model for details). IP is one of these layers, and can encapsulate data from the layer above. In the IP header, there is a marker identifying the type of data that is contained within the IP packet - this is just a number, such as 6 for TCP or 17 for UDP. Protocol 50 is one of these - it denotes encapsulating security payload, and is commonly used with VPN applications.
Protocol 50 differs from TCP port 50 in that TCP port 50 is specific to the TCP protocol in the transport layer (layer 4), whereas protocol 50 is specific to the IP protocol in the network layer (layer 3). ICMP is another example of a protocol number (it is number 1) - but ICMP does not use port numbers like protocols such as TCP and UDP do, i.e. not all IP protocols use port numbers. Hope this helps. |
Oh, and if you want a complete list of IP protocols, see
http://www.iana.org/assignments/protocol-numbers
Protocol 51 is authentication header but I'm not sure what it's used for. |
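The distinction discussed in the answers above, as an added example that is not part of the original thread: the sketch reads the protocol byte from an IPv4 header and then decodes only the fields the next header actually has. The packets, addresses, SPI values and function names are constructed for illustration.

```python
import struct

# IP protocol numbers named in the thread (IANA registry values)
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}


def build_ipv4(proto, payload):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload


def classify(packet):
    """Read the layer-3 protocol number, then whatever the next header really holds."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                     # the "protocol" byte of the IP header
    body = packet[ihl:]
    info = {"protocol": proto, "name": IP_PROTOCOLS.get(proto, "other")}
    if proto in (6, 17):                  # TCP/UDP: first 4 bytes are the ports
        if len(body) < 4:
            raise ValueError("truncated transport header")
        info["src_port"], info["dst_port"] = struct.unpack("!HH", body[:4])
    elif proto == 50:                     # ESP: SPI + sequence number, no ports
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        info["spi"], info["seq"] = struct.unpack("!II", body[:8])
    elif proto == 51:                     # AH: SPI sits after 4 bytes of fixed fields
        if len(body) < 12:
            raise ValueError("truncated AH header")
        info["spi"], info["seq"] = struct.unpack("!II", body[4:12])
    return info


if __name__ == "__main__":
    samples = [
        build_ipv4(6, struct.pack("!HH", 40000, 50) + bytes(16)),   # TCP to port 50
        build_ipv4(17, struct.pack("!HHHH", 40000, 51, 8, 0)),      # UDP to port 51
        build_ipv4(50, struct.pack("!II", 0x1000, 1) + bytes(16)),  # ESP
        build_ipv4(1, bytes([8, 0, 0, 0, 0, 1, 0, 1])),             # ICMP echo
    ]
    for pkt in samples:
        print(classify(pkt))
```

A rule written in terms of TCP or UDP ports matches on `dst_port`, a field that does not exist in the protocol 50 and protocol 1 results.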
Great, understood the difference between protocol number and port no.
Question no. 2 that arises is: if I am using a NAT router on the network that blocks all the ports, can I forward protocol 50 like I can forward ports for TCP and UDP? I don't see any such option on my router. Does a NAT router block this kind of traffic? Hey, AH is used in IPsec VPN, a type of encapsulation of IP. ESP is also used in IPsec VPN, a type of encapsulation of IP with encryption of data. Regards, Jaspreet Sandhu |
A NAT router will block everything unless it is specifically forwarded from the router to a node on your internal network - because the traffic is sent to the router and the router will not know which node it needs to be sent to unless you define it specifically in the forwarding rules.
I haven't ever seen a router which will allow you to forward IP protocols (I've only ever seen the option to forward TCP and/or UDP ports) - but some routers allow you to designate a host on your internal network as a "DMZ host", in which case the router will forward all unclaimed traffic to that host. However, if you do do this it's a good idea to make sure you've got a solid firewall on that host as it exposes it to attacks from the internet. |
Yes, I'm sure it can be done somehow. On my modem, in the firewall settings, there's a command to allow protocol 50 through. I have a Westell-made modem/router and the command looks like this...
pass protocol 50 >> state, done
As far as I know, firewall configs take precedence over NAT configs also. |
Perhaps this article from HP will help on the Protocol 50 question
|