This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Martin_Raska
Advisor
Advisor
Wednesday

IKED port 30500 and 34500

Hello,

can someone please explain the ports for IKED in R81.20 and R82?

 

From R82 Site-Site admin guide

The IKE daemon "iked"
Introduced in the R81.10 version.
Listens on these ports on a Security Gateway:
IKE: 30500 - 30563 (UDP)
IKE NAT-T: 34500 - 34563 (UDP)
Tunnel Test: 48234 - 48297 (UDP)
Check Point RDP: 30259 - 30322 (UDP)
L2TP: 31701 - 31764 (UDP)

From R82 GW, but its also the same for R81.20

[Expert@chkp-demo-gw-2:0]# netstat -tulnp | grep iked
tcp 0 0 127.0.0.1:9994 0.0.0.0:* LISTEN 6907/iked
udp 0 0 0.0.0.0:30259 0.0.0.0:* 6907/iked
udp 0 0 0.0.0.0:30500 0.0.0.0:* 6907/iked
udp 0 0 192.168.7.12:31701 0.0.0.0:* 6907/iked
udp 0 0 192.168.7.12:48234 0.0.0.0:* 6907/iked
udp 0 0 0.0.0.0:34500 0.0.0.0:* 6907/iked

 

and my question is, where is IKE UDP 500 and NAT-T UDP 4500. On R81.20 or R82, I cannot find it for IKED and VPND

the same statement is here - sk180488

 

On maestro R81.20 its different

[Expert@XXX-ch01-03:2]# netstat -tulnp | grep 500
udp 0 0 0.0.0.0:500 0.0.0.0:* 12698/vpnd
udp 0 0 0.0.0.0:4500 0.0.0.0:* 12698/vpnd

all three mentioned GWs are doing active RA or S2S so it should listening on udp 500/4500 so I am confused by admin guide and the sk180488

 

 

0 Kudos
3 Replies
QixingCao_MTech
Participant
Thursday

I have the same question, I am connected to the CLI of an R81.20 vpn gateway through remote access client (Endpoint Security VPN on macOS), but I can not find udp port 4500 from its "netstat -anp" output, although pcap on my laptop tells me I am using NAT-T (4500). It's very weird. Hope someone can answer this.🤔

[Expert@MTSH:0]# netstat -anp | grep iked
tcp        0      0 127.0.0.1:9994              0.0.0.0:*                   LISTEN      21664/iked          
tcp        0      0 127.0.0.1:60942             127.0.0.1:1024              ESTABLISHED 21664/iked          
tcp        0      0 127.0.0.1:60930             127.0.0.1:1024              ESTABLISHED 21664/iked          
tcp        0      0 127.0.0.1:60996             127.0.0.1:1024              ESTABLISHED 21664/iked          
tcp        0      0 127.0.0.1:60936             127.0.0.1:1024              ESTABLISHED 21665/iked          
tcp        0      0 127.0.0.1:42239             127.0.0.1:8989              ESTABLISHED 21665/iked          
tcp        0      0 127.0.0.1:61150             127.0.0.1:1024              ESTABLISHED 21665/iked          
tcp        0      0 127.0.0.1:50655             127.0.0.1:8989              ESTABLISHED 21664/iked          
tcp        0      0 127.0.0.1:60928             127.0.0.1:1024              ESTABLISHED 21665/iked          
udp        0      0 0.0.0.0:30259               0.0.0.0:*                               21664/iked          
udp        0      0 0.0.0.0:30260               0.0.0.0:*                               21665/iked          
udp        0      0 0.0.0.0:34500               0.0.0.0:*                               21664/iked          
udp        0      0 0.0.0.0:34501               0.0.0.0:*                               21665/iked          
udp        0      0 0.0.0.0:30500               0.0.0.0:*                               21664/iked          
udp        0      0 0.0.0.0:30501               0.0.0.0:*                               21665/iked          
udp        0      0 61.169.179.146:31701        0.0.0.0:*                               21664/iked          
udp        0      0 61.169.179.146:31702        0.0.0.0:*                               21665/iked          
udp        0      0 61.169.179.146:48234        0.0.0.0:*                               21664/iked          
udp        0      0 61.169.179.146:48235        0.0.0.0:*                               21665/iked          
unix  3      [ ]         STREAM     CONNECTED     44650  21664/iked          
unix  3      [ ]         STREAM     CONNECTED     44649  21664/iked          
unix  3      [ ]         STREAM     CONNECTED     45689  21664/iked          
unix  3      [ ]         STREAM     CONNECTED     45691  21665/iked          
unix  3      [ ]         STREAM     CONNECTED     44634  21665/iked          
unix  3      [ ]         STREAM     CONNECTED     44633  21665/iked

  

0 Kudos
the_rock
Legend
Legend
yesterday
In response to QixingCao_MTech

From my R82 lab.

Andy

 

[Expert@R82:0]# netstat -anp | grep iked
tcp 0 0 127.0.0.1:9994 0.0.0.0:* LISTEN 16951/iked
tcp 0 0 127.0.0.1:39942 127.0.0.1:1024 ESTABLISHED 16951/iked
tcp 0 0 127.0.0.1:39958 127.0.0.1:1024 ESTABLISHED 16955/iked
tcp 0 0 127.0.0.1:63912 127.0.0.1:1024 ESTABLISHED 16953/iked
tcp 0 0 127.0.0.1:34860 127.0.0.1:1024 ESTABLISHED 16955/iked
tcp 0 0 127.0.0.1:53162 127.0.0.1:1024 ESTABLISHED 16951/iked
tcp 0 0 127.0.0.1:39944 127.0.0.1:1024 ESTABLISHED 16953/iked
tcp 0 0 127.0.0.1:49879 127.0.0.1:8989 ESTABLISHED 16955/iked
tcp 0 0 127.0.0.1:61533 127.0.0.1:8989 ESTABLISHED 16951/iked
tcp 0 0 127.0.0.1:39902 127.0.0.1:1024 ESTABLISHED 16953/iked
tcp 0 0 127.0.0.1:39888 127.0.0.1:1024 ESTABLISHED 16951/iked
tcp 0 0 127.0.0.1:39908 127.0.0.1:1024 ESTABLISHED 16955/iked
tcp 0 0 127.0.0.1:35389 127.0.0.1:8989 ESTABLISHED 16953/iked
udp 0 0 0.0.0.0:34500 0.0.0.0:* 16951/iked
udp 0 0 0.0.0.0:34501 0.0.0.0:* 16953/iked
udp 0 0 0.0.0.0:34502 0.0.0.0:* 16955/iked
udp 0 0 0.0.0.0:38416 0.0.0.0:* 16951/iked
udp 0 0 0.0.0.0:58319 0.0.0.0:* 16953/iked
udp 0 0 0.0.0.0:62997 0.0.0.0:* 16955/iked
udp 0 0 0.0.0.0:30259 0.0.0.0:* 16951/iked
udp 0 0 0.0.0.0:30260 0.0.0.0:* 16953/iked
udp 0 0 0.0.0.0:30261 0.0.0.0:* 16955/iked
udp 0 0 0.0.0.0:30500 0.0.0.0:* 16951/iked
udp 0 0 0.0.0.0:30501 0.0.0.0:* 16953/iked
udp 0 0 0.0.0.0:30502 0.0.0.0:* 16955/iked
udp 0 0 172.16.10.253:31701 0.0.0.0:* 16951/iked
udp 0 0 172.16.10.253:31702 0.0.0.0:* 16953/iked
udp 0 0 172.16.10.253:31703 0.0.0.0:* 16955/iked
udp 0 0 172.16.10.253:48234 0.0.0.0:* 16951/iked
udp 0 0 172.16.10.253:48235 0.0.0.0:* 16953/iked
udp 0 0 172.16.10.253:48236 0.0.0.0:* 16955/iked
unix 3 [ ] STREAM CONNECTED 62474 16955/iked
unix 3 [ ] STREAM CONNECTED 62473 16955/iked
unix 3 [ ] STREAM CONNECTED 50156 16951/iked
unix 3 [ ] STREAM CONNECTED 58444 16953/iked
unix 3 [ ] STREAM CONNECTED 57024 16953/iked
unix 3 [ ] STREAM CONNECTED 50157 16951/iked
unix 3 [ ] STREAM CONNECTED 57027 16955/iked
unix 3 [ ] STREAM CONNECTED 57021 16951/iked
unix 3 [ ] STREAM CONNECTED 58443 16953/iked
[Expert@R82:0]#

0 Kudos
PhoneBoy
Admin
Admin
Thursday

The kernel module is redirecting the traffic to the “listening” port, which is useful with multithreaded iked.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    CheckMates Events