Firewall Ports Used for VPN Connections

This page contains information about which network ports must be permitted to pass through your computer and/or network firewall in order to establish a VPN connection.

If you run a firewall, it is imperative that the firewall rules allow the VPN traffic to pass in order to make a successful connection between your computer and the VPN server. Many firewalls are not configured to pass VPN traffic by default; you may need to reconfigure them yourself in order to permit the VPN connection.

This document cannot provide configuration instructions for the various manufacturers' firewalls. However, some general guidelines apply.

Control by host name or IP address

If your firewall controls access by identifying computers rather than by identifying ports, you should configure your firewall to allow trusted communication with the CITES VPN server.

If your software asks for a "host name" or "site", enter vpn3.near.uiuc.edu.

If your software asks for an "IP address", enter 192.17.144.3.

For example, ZoneAlarm handles computer-specific security by allowing you to add a host name or IP address to the "Trusted Zone" under the Firewall section's Zone tab. Other third-party firewalls may handle this differently.

To configure the free edition of ZoneAlarm to work with the campus VPN server:

  1. Open ZoneAlarm.
  2. Select the Firewall option.
  3. On the Main tab, verify that the "Trusted Zone" security setting is set to medium.
  4. On the Zones tab, click Add, then Host/Site.
  5. To add the VPN server to your Trusted zone, enter the VPN server's name: vpn3.near.uiuc.edu.
  6. Add a description of this entry. "CITES VPN server" is recommended.
  7. Click OK.

Control by ports and protocols: List below

Some firewalls require specific details about what ports and protocols should be permitted. The ports and protocols that are required for VPN traffic are:

Service                      Protocol number   Destination port
PPTP Control Connection      6 (TCP)           1723
PPTP Tunnel Encapsulation    47 (GRE)          N/A
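
The following is an added example, not part of the original page. It checks a rule set against the two flows in the table and reports any that are still blocked, such as when TCP 1723 is allowed but GRE is not. The rule model (first match wins, default deny) and the sample rule sets are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

VPN_SERVER = "192.17.144.3"  # CITES VPN server address given on this page

# Flows from the table above: (label, IP protocol number, destination port)
REQUIRED_FLOWS = [
    ("PPTP control connection", 6, 1723),
    ("PPTP tunnel encapsulation", 47, None),  # GRE carries no port numbers
]

class Rule(NamedTuple):
    """Hypothetical firewall rule used only in this example."""
    action: str                  # "allow" or "deny"
    proto: Optional[int]         # IP protocol number, None = any protocol
    dst: str                     # destination network in CIDR notation
    dport: Optional[int] = None  # destination port, None = any / not applicable

    def matches(self, proto, dst_ip, dport):
        if self.proto is not None and self.proto != proto:
            return False
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        # A rule with a port condition cannot match a portless flow such as GRE
        if self.dport is not None and self.dport != dport:
            return False
        return True

def verdict(rules, proto, dst_ip, dport, default="deny"):
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dport):
            return rule.action
    return default

def blocked_vpn_flows(rules, server=VPN_SERVER):
    """Return labels of required VPN flows that the rule set does not allow."""
    return [label for label, proto, dport in REQUIRED_FLOWS
            if verdict(rules, proto, server, dport) != "allow"]

# Constructed rule sets: each allow rule is scoped to the VPN server only
TCP_ONLY = [Rule("allow", 6, "192.17.144.3/32", 1723)]
COMPLETE = TCP_ONLY + [Rule("allow", 47, "192.17.144.3/32")]

if __name__ == "__main__":
    print("TCP-only rule set blocks:", blocked_vpn_flows(TCP_ONLY))
    print("Complete rule set blocks:", blocked_vpn_flows(COMPLETE))
```
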