IPSec - Fritz!Box Exposed Host

Setting up the Exposed Host on a Fritz!Box

New article with version: 12.5.2 10.2023

notempty

This article refers to a Resellerpreview

Introduction

Note
This article includes descriptions of third-party software and is based on the status at the time this page was created.
Changes to the user interface on the part of the manufacturer are possible at any time and must be taken into account accordingly in the implementation.
All information without warranty.

Some routers, such as the Fritz!Box, have the ability to forward ESP. The Fritz!Box achieves this via the Exposed Host. However, this must be configured manually. Especially if there is such a router in front of a Securepoint UTM on both sides of an IPSec tunnel.
notempty

This can be useful for an IPSec connection between a UTM and a Fritz!Box, or for IPSec connections of multiple UTMs with a Fritz!Box.

Configure Exposed Host

Step 1 - Add device Step 1 - Add device
In the interface of the Fritz!Box Internet ➊ → Open Permit Access ➋ Go to the Port Sharing ➌ dialog Click on the Add Device for Sharing button ➍ If the corresponding device has already been added, click on the Edit ➎ button			Adding a device to port sharing in Fritz!Box
			Adding a device to port sharing in Fritz!Box
Step 2 - Configure device Step 2 - Configure device
Caption	Value	Description	Configuration of a device for port sharing in the Fritz!Box
Device	Please select ...	Select the appropriate UTM
IPv4 address		Set automatically after device selection
MAC address		Set automatically after device selection
IPv6 Interface-ID	:: : : :	Set automatically after device selection
The following options can only be set after device selection.
Allow independent port sharing for this device		Enable to allow independent port sharing for the UTM
IPv4 settings
Fully enable this device for Internet access via IPv4 (Exposed Host)		Enable, so that a corresponding configured port sharing is possible
IPv6 settings
Enable PING6		If required, PING6 can be enabled by activation
Open firewall for delegated IPv6 prefixes of this device		If required, activation can open the firewall for delegated IPv6 prefixes for this device
Fully enable this device for Internet access via IPv6 (Exposed Host)		Enable for IPv6 to allow appropriately configured port sharingnotempty Corresponding Firewall Rules are required for this.

Step 3 - Permit Access Step 3 - Permit Access
In the Permit Access section, the New share button in the window that opens is used to make one port share each for ESP and UDP 500/4500.
Fig.1 Application Other application Name IPSec ESP Choose a suitable name for this port Protocol ESP Ok Fig.2 Application Other application Name IPSec UDP 500 Choose a suitable name for this port Protocol UDP Port to device 500 through Port 500 Here the port sharing for UDP 500 is entered Port requested externally 500 Is automatically filled in by the upper input Ok Fig.3 Application Other application Name IPSec UDP 4500 Choose a suitable name for this port Protocol UDP Port to device 4500 through Port 4500 Here the port sharing for UDP 4500 is entered Port requested externally 4500 Is automatically filled in by the upper input Ok
Subsequently, the configuration is applied via the → Apply button.

Introduction

Configure Exposed Host

Step 1 - Add device

Step 2 - Configure device

Step 3 - Permit Access