08-08-2007 05:35 PM - edited 03-11-2019 03:55 AM
Quick question... Once I allow PPTP through a PIX, do I also have to open the Remote Desktop ports? Or does RD go through the PPTP ports?
Thanks
08-08-2007 06:11 PM
I'm doing my final project on a small network model that has a PIX 515 running 7.1(2).
I have configured 2 different VPN remote access groups on the PIX, and from what I remember the PIX lets through the traffic initiated from the VPN client side.
I tested a remote desktop program and it worked fine without doing any additional configuration on the PIX. So it would seem it lets through all traffic by default, IF I'm not totally wrong. Is the VPN remote client perhaps considered a client from the trusted side of the network, and that's why it isn't blocked by the PIX?
My inside ACLs didn't permit the RD traffic, but it still got through from the inside to the VPN client, so I'm guessing it would in this case be considered "return traffic" for which the PIX keeps a connection/port open?
08-09-2007 05:16 AM
Yeah, I'm still a little confused... Right now I'm using Windows VPN to open up a PPTP connection from a remote computer to the server. This forces me to open up port 1723 on the PIX. Now, is there any more secure way to go about doing this rather than opening up this port? Perhaps VPN to the PIX first and then VPN to the server???
Thanks!
08-09-2007 07:58 PM
I guess the main difference in the way I did the VPN connection was that I used the PIX to terminate the VPN tunnel, and I also used Cisco's own VPN client software. (Had some problems with the Windows one.)
I never had to open a port separately for the VPN connection.
In my final project, basically the only ports/connections that are allowed into the network are traffic to DMZ areas where FTP/HTTP servers reside. And then of course the VPN groups, which require authentication to even use. Both VPN groups have their own ACL also.
I'm guessing that if it's a big network with a risk that the traffic would be inspected or something, then you could use a secure connection even past the border of the network. I'm not really the best person to advise on these things though. Pretty new to VPN etc. still.
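The two approaches discussed in this thread side by side, as an added PIX 7.x configuration example (not posted by either participant). Option A is the original poster's setup: PPTP passed through the PIX to an inside Windows server. Option B is the replier's setup: the remote-access IPsec tunnel terminated on the PIX itself, with a per-group filter. All addresses (203.0.113.10, 10.1.1.20, the 192.168.50.0/24 client pool), object names and the pre-shared-key placeholder are made up for the example. Two points the example makes explicit: RDP (TCP 3389) never needs its own hole in either design, because in A it travels inside the PPP session that PPTP carries over GRE and in B it travels inside the IPsec tunnel; and the reason RDP worked in the replier's test without any matching inside ACL entry is the 7.x default `sysopt connection permit-vpn`, which exempts decrypted VPN traffic from the interface ACLs, so a `vpn-filter` is the place to constrain what VPN users may reach. PPTP itself (PPP over GRE, MS-CHAPv2 authentication) is considered weak today, which is a second reason to prefer B.

```cisco
! ===== Option A: PPTP pass-through to an inside Windows PPTP/RDP server =====
! Outside-to-inside static NAT for the server (made-up addresses)
static (inside,outside) 203.0.113.10 10.1.1.20 netmask 255.255.255.255
! Only the PPTP control channel (TCP 1723) and its GRE data channel (IP protocol 47)
! are opened. RDP rides inside the PPP session GRE carries, so no 3389 rule exists here.
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 1723
access-list OUTSIDE_IN extended permit gre any host 203.0.113.10
access-group OUTSIDE_IN in interface outside
! PPTP inspection tracks the control channel and creates the GRE connection/xlate state
! that belongs to it, so the GRE stream is tied to an authenticated PPTP session.
policy-map global_policy
 class inspection_default
  inspect pptp
service-policy global_policy global

! ===== Option B: terminate the remote-access IPsec VPN on the PIX (Cisco VPN Client) =====
! Nothing is added to OUTSIDE_IN: IKE/IPsec to the PIX's own outside address is accepted
! once isakmp is enabled there. Default in 7.1 (named permit-ipsec in 7.0): decrypted VPN
! traffic bypasses the interface ACLs, which is why RDP "just worked" in the test above.
sysopt connection permit-vpn
! Addresses handed to VPN clients, and NAT exemption between inside and that pool
ip local pool RA_POOL 192.168.50.1-192.168.50.50 mask 255.255.255.0
access-list NO_NAT extended permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list NO_NAT
! Per-group filter replaces the interface ACL the VPN traffic bypasses. vpn-filter ACLs are
! written with the client pool as source and the inside host as destination; the PIX applies
! them to the return direction as well. This group may reach RDP on one server and nothing else.
access-list VPN_RDP_ONLY extended permit tcp 192.168.50.0 255.255.255.0 host 10.1.1.20 eq 3389
group-policy RA_RDP internal
group-policy RA_RDP attributes
 vpn-filter value VPN_RDP_ONLY
! Tunnel group for the Cisco VPN Client; user authentication defaults to the LOCAL database
username rduser password <user-password>
tunnel-group RA_RDP type ipsec-ra
tunnel-group RA_RDP general-attributes
 address-pool RA_POOL
 default-group-policy RA_RDP
tunnel-group RA_RDP ipsec-attributes
 pre-shared-key <group-psk>
! Phase 1 / phase 2 parameters for the client tunnel
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
crypto ipsec transform-set RA_TS esp-aes esp-sha-hmac
crypto dynamic-map DYN 10 set transform-set RA_TS
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic DYN
crypto map OUTSIDE_MAP interface outside
```

The second VPN group the replier mentions would be a second `group-policy` with its own `vpn-filter` ACL and its own `tunnel-group`; the pool, NAT exemption and crypto settings can be shared. To verify that the filter is actually doing the work rather than the (bypassed) interface ACL, connect with the client and try a port other than 3389 against 10.1.1.20: it should be dropped by VPN_RDP_ONLY, and `show access-list VPN_RDP_ONLY` should show the hit counts moving only on the RDP line.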