
Cisco PIX, VPN Client & PC Anywhere

yatinder
Level 1

My setup goes like this:

LAN-->PIX Firewall-->Router-->Internet Cloud

We use Cisco VPN Client 3.6.3(B) to connect to the remote peer. For remote desktop sharing we use PC Anywhere services.

The problem we face on the firewall is:

If I specify conduit permit ip any any, everything works fine. But this makes the firewall vulnerable, since anybody from outside can initiate connections to inside hosts due to the static NAT & conduit statements.

I wish to apply an ACL to the PIX which allows connections only from the desired remote peer/hosts. I have tried permitting ports tcp/udp 5631, 5632, 6530 & removing the conduit permit ip any any statement, but it did not work out.

Any suggestions?

Thanks in Advance

4 Replies

leeb
Level 1

The ports that I usually open for PC Anywhere are: 5631 tcp, 65301 tcp, 5632 udp, 22 udp (although some of them are for older versions of PC Anywhere).

I think that if you have opened all those ports with static NAT and conduit, it should work.

I have tried opening all these ports, but still was not able to connect.

Any clue?

Not applicable

I have also enabled the CISCO PIX to accept PPTP connections from the Internet, but I would like to restrict this to only a couple of source IP addresses.

Is there a way to do that?

I couldn't find any.

Thanks

Silvia

Just put an inbound ACL on the outside interface.

Syntax:

Access-list X permit tcp LanIP SM PermittedSource SM

I hope it helps
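
Added example, not part of any post in this thread: a PIX configuration sketch that replaces the blanket conduit with an inbound ACL limited to named remote peers, covering both the PC Anywhere case (5631/tcp and 5632/udp from the port list above) and the PPTP case. It assumes PIX 6.x command syntax; all addresses and the ACL name acl_outside are constructed placeholders.

```cisco
: Constructed example for PIX 6.x; every address and the ACL name are placeholders.
:   198.51.100.10, 198.51.100.11  permitted remote peers (sources)
:   203.0.113.5 -> 192.168.1.10   PC Anywhere host (global -> local)
:   203.0.113.6 -> 192.168.1.20   PPTP server (global -> local)

: Weak setting described in the thread: any outside host can reach every static.
: conduit permit ip any any

: Restricted form. Remove the blanket conduit first.
no conduit permit ip any any

static (inside,outside) 203.0.113.5 192.168.1.10 netmask 255.255.255.255
static (inside,outside) 203.0.113.6 192.168.1.20 netmask 255.255.255.255

: access-list order is source, then destination. The destination is the
: global (outside) address from the static, not the inside address.
access-list acl_outside permit tcp host 198.51.100.10 host 203.0.113.5 eq 5631
access-list acl_outside permit udp host 198.51.100.10 host 203.0.113.5 eq 5632

: PPTP needs its control channel (TCP 1723) and GRE for the tunnelled data.
access-list acl_outside permit tcp host 198.51.100.10 host 203.0.113.6 eq 1723
access-list acl_outside permit gre host 198.51.100.10 host 203.0.113.6
access-list acl_outside permit tcp host 198.51.100.11 host 203.0.113.6 eq 1723
access-list acl_outside permit gre host 198.51.100.11 host 203.0.113.6

: Anything not matched above is dropped by the implicit deny at the end of the ACL.
access-group acl_outside in interface outside

: Flush existing translations so the new static/ACL rules take effect.
clear xlate
```

After a connection attempt, show access-list acl_outside lists a hit count per entry, which shows whether traffic from the remote peer is matching the intended line or falling through to the implicit deny.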