A security engineer is troubleshooting a network where internal users can access internet websites but cannot reach the company's external VPN server (IP 203.0.113.50, UDP port 500). The firewall rule for VPN traffic is correctly configured. What is the most likely cause?
- A. The VPN server is using TCP port 443 instead of UDP 500.
  Why wrong: The server is expected to use UDP 500 for IKE.
- B. The firewall rule is applied to the wrong interface.
  Why wrong: The rule is correctly configured per the question.
- C. The firewall is stateful and blocking the return traffic.
  Why wrong: Stateful firewalls allow return traffic for established sessions.
- D. The VPN server is not listening on UDP port 500.
  Why correct: If the server does not have the VPN service running, it will not respond, and the client times out.