
Should I open port 50 on my sonicwall??

Status
Not open for further replies.

TiggerDaKat

IS-IT--Management
Jan 29, 2003
We have two groups of people setting up an SA to our sonicwall. One has been successful without changing any access rules in the sonicwall.
The other could not create a vpn tunnel without creating an access rule that looks like this:

IPSEC (ESP) [0,50]
Source (the remote ip address of the VPN) WAN
Destination *

Would a rule like this compromise our LAN and/or firewall in any way?
It has always been my experience that we didn't have to open up any ports or create any services on our Sonicwall.
Any thoughts would be appreciated.
 
Any port open is a threat, but for IPsec, from a designated machine IP, negligible. I would not make the destination *, but the Sonicwall LAN IP address.

On my Sonic, an IPsec rule is not needed. If you needed to have a VPN connect to a VPN RAS server, this rule would be needed to allow the VPN traffic to pass thru the Sonic from the WAN to another device on the network; beats me why this would be needed, if the Sonic is the endpoint for the VPN. Been a while since I set this up, but key exchange (500,17) is enabled both ways, stealth mode is enabled, ping is enabled to the Sonicwall LAN IP address, POP, nothing else.
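Added example, not part of the thread and not SonicWall's own tooling: a small audit of rules written in the thread's (port, protocol) notation, comparing the rule as posted with the narrower destination suggested in the reply. The `Rule` class, the finding texts, and all addresses (203.0.113.10 for the remote peer, 10.0.0.1 for the firewall's LAN IP) are constructed for illustration.

```python
import re
from dataclasses import dataclass

# IANA numbers: ESP is IP protocol 50 and has no ports; IKE is UDP (protocol 17) port 500.
KNOWN = {(0, 50): "ESP", (500, 17): "IKE"}

@dataclass
class Rule:
    service: str      # as written in the thread, e.g. "IPSEC (ESP) [0,50]"
    source: str
    destination: str

def parse_service(service):
    """Extract (port, protocol) from "[port,protocol]" or "(port,protocol)"."""
    m = re.search(r"[\[(]\s*(\d+)\s*,\s*(\d+)\s*[\])]", service)
    if not m:
        raise ValueError(f"no port,protocol pair in {service!r}")
    return int(m.group(1)), int(m.group(2))

def audit(rule):
    """Return (service name, list of findings) for one access rule."""
    port, proto = parse_service(rule.service)
    findings = []
    if proto not in (6, 17) and port != 0:
        findings.append("port given for a protocol that has no ports")
    if port == 50 and proto in (6, 17):
        findings.append("TCP/UDP port 50 is not ESP (IP protocol 50)")
    if rule.source.strip() == "*":
        findings.append("source is any host")
    if rule.destination.strip() == "*":
        findings.append("destination is any host; scope it to the VPN endpoint")
    return KNOWN.get((port, proto), f"protocol {proto}, port {port}"), findings

# Constructed sample rules: the rule as posted, the reply's narrower form,
# the key-exchange service, and a literal "port 50" rule for contrast.
POSTED = Rule("IPSEC (ESP) [0,50]", "203.0.113.10", "*")
SCOPED = Rule("IPSEC (ESP) [0,50]", "203.0.113.10", "10.0.0.1")
IKE = Rule("Key exchange (500,17)", "203.0.113.10", "10.0.0.1")
MISREAD = Rule("Port 50 [50,6]", "203.0.113.10", "10.0.0.1")

if __name__ == "__main__":
    for rule in (POSTED, SCOPED, IKE, MISREAD):
        name, findings = audit(rule)
        print(f"{rule.service:24} -> {name}: {findings or 'no findings'}")
```

Only the posted rule and the literal "port 50" rule produce findings; the scoped ESP rule and the key-exchange rule pass.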
 