One key advantage of SSTP is that it can defeat many forms of VPN blocking: it runs over TCP port 443, the same port that SSL/TLS (HTTPS) websites use, so a firewall that blocks VPN traffic by port number cannot drop SSTP without also dropping ordinary encrypted web traffic. Since Windows is common in most parts of the world and ships with an SSTP client, there is a good chance you can use SSTP as a way around VPN blocking.
1. VPN Forced Tunnel. This is the most common starting scenario for most enterprise customers. A forced tunnel means that 100% of the endpoint's traffic is directed into the corporate network, regardless of whether the endpoint is inside the corporate network or not.

Common reasons for VPN tunnel inactivity or instability: problems with Internet Protocol Security (IPSec) Dead Peer Detection (DPD) monitoring; idle timeouts caused by low traffic on the tunnel; or vendor-specific firewall device configuration issues.

On your firewall, open the PPTP port (TCP port 1723) or the L2TP/IKEv2 ports (UDP port 500 and UDP port 4500). Alternatively, use an SSTP VPN tunnel, which avoids the ports that firewalls, NAT devices and proxies commonly block for VPN connections.

Select a common port and protocol. Mobile VPN with IPSec uses specific ports and protocols that are blocked by some public Internet connections. By default, Mobile VPN with SSL operates on the port and protocol used for encrypted website traffic (HTTPS) to avoid being blocked. This is one of the main advantages of SSL VPN over other Mobile VPN
Dynamic port forwarding tends to be more common than static port forwarding, but for most users, the difference between the two will be negligible. Is VPN port forwarding safe? This is a question we are regularly asked about port forwarding and, of course, the concern is understandable.
PPTP (Point-to-Point Tunneling Protocol) VPN [RFC 2637], commonly used to access a Microsoft Remote Access Server (RAS): TCP port 1723, plus GRE (Generic Routing Encapsulation, IP protocol 47) for the tunnelled data.
L2TP (Layer Two Tunneling Protocol) VPN, an extension of PPTP often combined with IPSec to establish a VPN: UDP port 1701, UDP port 500 and UDP port 4500.
IPSec (Internet Protocol Security) VPN: UDP port 500 (IKE negotiations) and UDP port 4500 (in the presence of NAT-T, Network Address Translation-Traversal).

Our VPN service uses these ports for firewall configuration: for OpenVPN, we allow connections via TCP or UDP on ports 443 or 1194. The IPVanish software uses port 443. Both PPTP and L2TP need the PPTP and L2TP pass-through options in the firewall/router's management interface to be enabled (if applicable). For L2TP/IPSec VPN connections, you need to open UDP port 500 for Internet Key Exchange (IKE) traffic, UDP port 4500 (the IPsec control path under NAT-T) and UDP port 1701 for the L2TP traffic itself. IPsec ESP traffic also uses IP protocol 50, which is not a port and must be permitted as a protocol. SSTP connections use TCP port 443 (SSTP traffic to and from the VPN server).
In some cases, UDP port 4500 is also used. This technote explains when and why. It is becoming more common for VPN gateway devices, or computers running VPN software, to negotiate IKE while passing through a third-party NAT device. In other words, the gateway has a private IP address on its WAN interface, or the computer itself has a private IP address, and the NAT device in the path rewrites it; IKE then switches to UDP port 4500 and carries the ESP traffic inside UDP so it can cross the NAT.
The Cisco VPN client is the client side application used to encrypt traffic from an end user's computer to the company network. IPSec is used to encrypt the traffic. When using standard IPSec, IKE is used for the key negotiation and IPSec to encrypt the data. IKE uses UDP port 500 and IPSec uses IP protocol 50, assuming ESP is used.
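The port list and the NAT-T discussion above, turned into something a defender can run: an added example (not code from the original page or from any vendor it quotes) that classifies flow records by the VPN component their protocol and destination port imply, flags TCP 443 as indistinguishable from HTTPS by port alone, and lists the firewall openings each VPN type needs, adding UDP 4500 for IPsec when a NAT device sits between the peers. The flow-record format and the sample records are constructed for this example; the port mapping follows the page.

```python
"""Classify flow records by the VPN protocol their ports imply, and list the
firewall openings each VPN type needs.

Added example, not code from the original page. Port/protocol mapping as on
the page: PPTP = TCP 1723 plus GRE (IP protocol 47); L2TP = UDP 1701 with IKE
on UDP 500 and NAT-T on UDP 4500; IPsec = IKE on UDP 500, ESP (IP protocol 50),
and UDP 4500 when a NAT device sits between the peers; SSTP = TCP 443, the same
port as HTTPS; OpenVPN = TCP or UDP 443 or 1194. The record format is constructed.
"""
import re
from collections import Counter

# Constructed sample flow records (hypothetical "PROTO src[:port] -> dst[:port]" format).
SAMPLE_FLOWS = """\
TCP 10.0.0.5:51234 -> 203.0.113.7:1723
GRE 10.0.0.5 -> 203.0.113.7
UDP 10.0.0.6:500 -> 203.0.113.8:500
UDP 10.0.0.6:4500 -> 203.0.113.8:4500
ESP 10.0.0.9 -> 203.0.113.8
UDP 10.0.0.7:1701 -> 203.0.113.9:1701
TCP 10.0.0.8:44321 -> 203.0.113.10:443
UDP 10.0.0.8:60000 -> 198.51.100.4:1194
TCP 10.0.0.8:44322 -> 198.51.100.5:80
"""

FLOW_RE = re.compile(
    r"^(?P<proto>TCP|UDP|GRE|ESP)\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s*->\s*(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def classify(proto, dport):
    """Map transport protocol + destination port to the VPN component it suggests.

    Returns (label, ambiguous). ambiguous is True when the port alone cannot
    separate VPN traffic from ordinary traffic: TCP 443 is HTTPS, SSTP or
    OpenVPN-over-443, which is exactly why SSTP is hard to block by port.
    """
    if proto == "GRE":
        return "pptp-data", False          # GRE, IP protocol 47
    if proto == "ESP":
        return "ipsec-esp", False          # ESP, IP protocol 50, no NAT in the path
    if proto == "TCP" and dport == 1723:
        return "pptp-control", False
    if proto == "UDP" and dport == 500:
        return "ike", False                # IKE negotiation (IPsec, L2TP/IPsec, IKEv2)
    if proto == "UDP" and dport == 4500:
        return "ipsec-nat-t", False        # a NAT device sits between the peers
    if proto == "UDP" and dport == 1701:
        return "l2tp", False
    if dport == 1194:
        return "openvpn", False
    if dport == 443:
        return "https-or-sstp", True
    return "other", False


def summarize(flow_text):
    """Count flows per label and return the records that are ambiguous by port."""
    counts = Counter()
    ambiguous = []
    for raw in flow_text.splitlines():
        line = raw.strip()
        m = FLOW_RE.match(line)
        if not m:
            continue                        # skip blank or unparseable records
        dport = int(m["dport"]) if m["dport"] else None
        label, amb = classify(m["proto"], dport)
        counts[label] += 1
        if amb:
            ambiguous.append(line)
    return counts, ambiguous


def required_openings(vpn_type, peer_behind_nat=False):
    """Return the set of (protocol, port) a firewall must pass for one VPN type.

    Protocol-level traffic (GRE, ESP) has port None. For IPsec-based types,
    peer_behind_nat adds UDP 4500 so IKE and UDP-encapsulated ESP (NAT-T)
    can cross the NAT device.
    """
    table = {
        "pptp": {("tcp", 1723), ("gre", None)},
        "l2tp/ipsec": {("udp", 500), ("udp", 4500), ("udp", 1701), ("esp", None)},
        "ipsec": {("udp", 500), ("esp", None)},
        "sstp": {("tcp", 443)},
        "openvpn": {("tcp", 443), ("udp", 443), ("tcp", 1194), ("udp", 1194)},
    }
    if vpn_type not in table:
        raise ValueError(f"unknown VPN type: {vpn_type}")
    needed = set(table[vpn_type])
    if peer_behind_nat and vpn_type in ("ipsec", "l2tp/ipsec"):
        needed.add(("udp", 4500))
    return needed


if __name__ == "__main__":
    counts, ambiguous = summarize(SAMPLE_FLOWS)
    for label, n in sorted(counts.items()):
        print(f"{label:15} {n}")
    print("ambiguous by port alone:", ambiguous)
    print("ipsec behind NAT needs:", sorted(required_openings("ipsec", True), key=str))
```

The ambiguous list is the practical lesson: a port-based allow or block rule treats SSTP and HTTPS identically, so telling them apart needs the TLS session contents or endpoint telemetry, not a port filter. Likewise, seeing UDP 4500 rather than bare ESP in your logs tells you a NAT device is between the peers.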