Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
662
Views
3
Helpful
4
Replies

PPTP and Remote Desktop

homeboarder8
Level 1
Level 1

‎08-08-2007 05:35 PM - edited ‎03-11-2019 03:55 AM

Quick Question... Once I allow PPTP through a PIX, do I also have to allow the Remote Desktop ports to be open? Or does RD go through the PPTP ports?

Thanks

Labels:
0 Helpful
4 Replies 4

Jouni Forss
VIP Alumni
VIP Alumni

‎08-08-2007 06:11 PM

Doing a final work on a small network model which has a PIX 515 7.1(2)

I have configured 2 different VPN remote access groups into the PIX and from what i remember the PIX lets trough the traffic iniated from the VPN client side.

I tested a remote desktop program and it worked fine without doing any additional configuration on the PIX. So it would seem it lets trough all traffic by default IF im not totally wrong. Is the VPN remote client perhaps considered a client from the trusted side of the network and thats why aint blocked by the PIX.

My inside ACLs didnt permit the RD traffic but it still got trough from the inside to the VPN client so im guessing it would be in this case considered "return traffic" for which the PIX keeps a connection/port open?

homeboarder8
Level 1
Level 1
In response to Jouni Forss

‎08-09-2007 05:16 AM

Yeah I'm still a little confused... Right now I'm using Windows VPN to to open up a PPTP connection from a remote computer to the server. This forces me to open up port 1723 on the PIX. Now is there any more secure way to go about doing this rather than opening up this port? Prehaps VPN to the pix first and then VPN to the server???

Thanks!

0 Helpful

homeboarder8
Level 1
Level 1
In response to Jouni Forss

‎08-09-2007 05:21 AM

Yeah I'm still a little confused... Right now I'm using Windows VPN to to open up a PPTP connection from a remote computer to the server. This forces me to open up port 1723 on the PIX. Now is there any more secure way to go about doing this rather than opening up this port? Prehaps VPN to the pix first and then VPN to the server???

Thanks!

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to homeboarder8

‎08-09-2007 07:58 PM

Guess the main difference in the way i did the VPN connection was that i used the PIX to terminate the VPN tunnel and i also used Ciscos own VPN client software. (Had some problems with the Windows own)

I never had to open a port seperately for the VPN connection.

In my final work basicly the only ports/connections that are allowed into the network are traffic to DMZ areas where a FTP/HTTP servers recide. And then ofcourse the VPN groups that require authentication to even use. Both VPN groups have their own ACL also.

Im guessing that if its a big network with a risk that the traffic would be inspected or something then you could use a secure connection even past the border of the network. Im not really the best person to advice on these things though. Pretty new to VPN etc still.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card