I am somewhat of a security newbie, but manage a small company's IT dept. I have been asked to allow outgoing VPN connections to other companies from our site through our PIX firewall. The administrator before me didn't allow it.
I was wondering if there were security concerns with allowing this.
Certainly there are security concerns with allowing VPNs to other companies, but that does not mean that you should not do it. What it does mean is that you need to understand what traffic and applications are to be used over the VPN and will need to configure the PIX to allow only that traffic. With some applications, that is easy to do, but with others it can be next to impossible.
You need a security policy which dictates what sorts of traffic are acceptable and recognizes the value of allowing the improved connectivity with your trading partners. Note that this may require more knowledge of how specific applications work than you want to learn (and clearly more than your predecessor in the job was willing to learn).
You should also temper what is allowed by recognizing the vulnerabilities of your systems and the trust you have in the other companies. For example, it is almost certainly a bad idea to let Windows browsing traffic through, as that is a popular vector for numerous viruses and worms (do a quick search on Nachi or Welchia for some ideas of what can happen if you don't take proper precautions).