Client-to-server Internet Key Exchange (IKE) traffic goes through User Datagram Protocol (UDP) port 500, port 4500, or both.
This follows from IPsec being an integral part of the IKEv2 specification; it is also why, for example, ESP communications go through port 50. None of these requirements can be worked around; they are simply how this corner of networking is built. Both ports are therefore IPsec control paths, so even ordinary use lets the system periodically verify that everything is working as intended, which is the whole point of having control paths in the first place.
The same port pairing applies whether the server sits behind a firewall or has a direct Internet connection. Closely related is port 1702, used by the L2TP specification, which serves as both a data path and a full control channel.
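As an added example (not part of the answer above and not code from any VPN product), here is a small Python classifier for datagrams seen on the two IKE ports; it goes beyond the answer by decoding the fixed IKEv2 header and, on port 4500, telling NAT-traversal IKE (prefixed with a four-zero-byte Non-ESP marker) apart from UDP-encapsulated ESP and the one-byte NAT keepalive defined in RFC 3948. The sample datagrams are constructed inline, not captured.

```python
import struct

# IKEv2 exchange types (RFC 7296 section 3.1)
EXCHANGE_TYPES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
# Fixed IKE header: SPIi, SPIr, next payload, version, exchange type, flags, message ID, length
IKE_HEADER = struct.Struct("!QQBBBBII")
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: prefix that marks IKE (not ESP) on UDP 4500


def parse_ike_header(data):
    """Decode the 28-byte IKE header; return None if truncated or not IKEv2 (major version 2)."""
    if len(data) < IKE_HEADER.size:
        return None
    spi_i, spi_r, _next, version, exch, flags, msg_id, length = IKE_HEADER.unpack_from(data)
    if version >> 4 != 2:
        return None
    return {"spi_i": spi_i, "spi_r": spi_r, "exchange": EXCHANGE_TYPES.get(exch, f"unknown({exch})"),
            "response": bool(flags & 0x20), "msg_id": msg_id, "length": length}


def classify_udp_datagram(dst_port, payload):
    """Label one UDP payload by IKE port: 500 is bare IKE; 4500 (NAT-T) is IKE behind the
    Non-ESP marker, a one-byte 0xFF NAT keepalive, or UDP-encapsulated ESP (RFC 3948)."""
    if dst_port == 500:
        hdr = parse_ike_header(payload)
        return {"kind": "ike", "nat_t": False, "header": hdr} if hdr else {"kind": "malformed"}
    if dst_port == 4500:
        if payload == b"\xff":
            return {"kind": "nat-keepalive"}
        if payload.startswith(NON_ESP_MARKER):
            hdr = parse_ike_header(payload[4:])
            return {"kind": "ike", "nat_t": True, "header": hdr} if hdr else {"kind": "malformed"}
        if len(payload) >= 8:  # ESP: 4-byte SPI, 4-byte sequence number, then ciphertext
            return {"kind": "esp-in-udp", "spi": struct.unpack("!I", payload[:4])[0]}
        return {"kind": "malformed"}
    return {"kind": "not-an-ike-port"}


def sample_datagrams():
    """Constructed (not captured) datagrams: an IKE_SA_INIT request on 500, the same
    header behind a Non-ESP marker on 4500, an ESP-in-UDP packet and a NAT keepalive."""
    sa_init = IKE_HEADER.pack(0x1122334455667788, 0, 33, 0x20, 34, 0x08, 0, IKE_HEADER.size)
    esp = struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16
    return [(500, sa_init), (4500, NON_ESP_MARKER + sa_init), (4500, esp), (4500, b"\xff")]


if __name__ == "__main__":
    for port, data in sample_datagrams():
        print(port, classify_udp_datagram(port, data))
```

Run over a real capture, any port-4500 payload that is neither a keepalive, a marked IKE message nor at least eight bytes of ESP is worth flagging.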