In a PIX 515, OS version 6.3(5), I want to prevent traffic on TCP ports 445, 3066, and 3067 from going from inside to outside (due to us having gotten blacklisted for outgoing Korgo traffic).
Here's the relevant config:
access-list acl_outbound deny tcp any any eq 3067
access-list acl_outbound deny tcp any any eq ident
access-list acl_outbound deny tcp any any eq 445
access-list acl_outbound permit ip any any
access-group acl_outbound in interface inside
(The PIX translated 3066 to ident...)
When I first applied this, I got a few hits on the ACEs for 445 & ident right away. Several months pass, and I find we've gotten blacklisted again, again because of Korgo. I check the ACEs over a couple or three days - no activity the first 2 days, then today 9 more hits on 445, 3 more on ident.
So, the ACL does something... But, is it correct for blocking traffic going from inside to outside?
(Initiatives are underway to get CSA & NAC installed, but for the moment I have to rely on the firewall to keep bad things from getting out...)
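Added here as an example (not from the original post or from Cisco): a small first-match evaluator for the access-list quoted above. It assumes the PIX port-name table maps `ident` to TCP 113 (its standard IANA number), which is why port 3066 is checked separately from `ident`.

```python
# Added example: first-match evaluation of the PIX access-list quoted above.
# Assumption: "ident" resolves to TCP 113 (RFC 1413), as in the PIX port-name table.
import re

# The access-list lines from the post, embedded here as constructed input.
ACL_TEXT = """
access-list acl_outbound deny tcp any any eq 3067
access-list acl_outbound deny tcp any any eq ident
access-list acl_outbound deny tcp any any eq 445
access-list acl_outbound permit ip any any
"""

# Port names this example understands (assumption: only what is needed here).
PORT_NAMES = {"ident": 113, "www": 80, "https": 443, "smtp": 25}

# Only the "any any [eq <port>]" form used in the post is parsed.
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)"
    r"\s+any\s+any(?:\s+eq\s+(?P<port>\S+))?$"
)

def parse_acl(text):
    """Parse ACEs into (action, protocol, destination port or None)."""
    aces = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError("unsupported ACE syntax: " + line)
        port = m.group("port")
        if port is not None:
            port = PORT_NAMES.get(port) or int(port)
        aces.append((m.group("action"), m.group("proto"), port))
    return aces

def evaluate(aces, proto, dport):
    """Return the action of the first matching ACE (implicit deny if none)."""
    for action, ace_proto, ace_port in aces:
        if ace_proto not in ("ip", proto):
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action
    return "deny"  # every PIX ACL ends with an implicit deny

def denied_ports(aces, candidates):
    """Which of the candidate TCP destination ports does the ACL deny?"""
    return sorted(p for p in candidates if evaluate(aces, "tcp", p) == "deny")

if __name__ == "__main__":
    print(denied_ports(parse_acl(ACL_TEXT), [445, 3066, 3067, 113, 80]))  # [113, 445, 3067]
```

Because the ACL is applied inbound on the inside interface, these verdicts apply to connections initiated by inside hosts; 3066 only falls under the deny rules if it is listed by number rather than as `ident`.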