Understanding Security and Tunnel Predefined Policy Applications

When you create a policy, you can specify predefined security and tunnel applications for the policy.

Before You Begin
For background information, read Security Policy Applications.

Table 40 lists each supported application and gives the default port(s) and a description of each entry.

Table 40: Supported Applications

Application	Port	Description
IKE	UDP source 1-65535; UDP destination 500 4500 (used for NAT traversal)	Internet Key protocol (IKE) is a protocol to obtain authenticated keying material for use with ISAKMP. When configuring auto IKE, you can choose from three predefined Phase 1 or Phase 2 proposals: Standard: AES and 3DES Basic: DES and two different types of authentication algorithms Compatible: Four commonly used authentication and encryption algorithms
L2TP	1723	L2TP combines PPTP with Layer 2 Forwarding (L2F) for remote access.
PPTP	—	Point-to-Point Tunneling Protocol allows corporations to extend their own private network through private tunnels over the public Internet.

Application

Port

Description

IKE

UDP source 1-65535; UDP destination 500

4500 (used for NAT traversal)

Internet Key protocol (IKE) is a protocol to obtain authenticated keying material for use with ISAKMP.

When configuring auto IKE, you can choose from three predefined Phase 1 or Phase 2 proposals:

L2TP

1723

L2TP combines PPTP with Layer 2 Forwarding (L2F) for remote access.

PPTP

—

Point-to-Point Tunneling Protocol allows corporations to extend their own private network through private tunnels over the public Internet.