Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

blocking outbound IPSEC

How do I block outbound IPSEC over (transparent tunneling/NAT-T) TCP/UDP outbound. We do not want users to be able to create tunnles to unkown networks without our prior consent. Any input is appreciated...

Thanks

1 REPLY
Silver

Re: blocking outbound IPSEC

You would have to block everything outbound, or have a product in the mix that can inspect packets very deeply. Although there is a standard port number for nat transversal, I don't think there is any reason why someone couldn't cook up a solution that runs it on a non standard port. Also, there are lots of proprietary solutions out there, that do thinks differently

96
Views
0
Helpful
1
Replies
CreatePlease to create content