04-27-2003 01:06 AM - edited 02-21-2020 12:30 PM
My setup goes like this
Lan-->PIX Firewall-->Router-->Internet Cloud
We use Cisco VPN Client 3.6.3(B) to connect to remote Peer. For remote desktop sharing we use PC anywhere services.
Now the problem we face on the firewall is this:
If I specify conduit permit ip any any, everything works fine. But this makes the firewall vulnerable, since anybody from outside can initiate connections to inside hosts due to the static NAT & conduit statements.
I wish to apply an ACL to the PIX which allows connections only from the desired remote peer/hosts. I have tried permitting ports tcp/udp 5631, 5632, 6530 & removing the conduit permit ip any any statement, but it did not work out.
Any suggestions?
Thanks in advance
04-27-2003 04:16 AM
The ports that I usually open for pcAnywhere are: 5631 tcp, 65301 tcp, 5632 udp, 22 udp (although some of them are for older versions of pcAnywhere).
I think that if you have opened all those ports with static NAT and conduit it should work.
04-29-2003 04:30 AM
I have tried opening all these ports, but still was not able to connect.
Any clue?
04-28-2003 07:09 AM
I have also enabled the Cisco PIX to accept PPTP connections from the Internet, but I would like to restrict this to only a couple of source IP addresses.
Is there a way to do that?
I couldn't find any.
Thanks
Silvia
04-29-2003 04:27 AM
Just put an inbound ACL on the outside interface.
Syntax:
access-list X permit tcp LanIP SM PermittedSource SM
I hope it helps
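Putting the thread's advice together as a PIX 6.x configuration fragment (an added example, not posted by anyone in this thread): the open conduit from the first post beside an inbound ACL that admits only the remote peer to the pcAnywhere ports listed above, plus Silvia's PPTP case. All addresses are constructed placeholders; the static's global address, the peer address and the ACL name are assumptions, and PPTP is taken to need TCP 1723 and GRE.

```cisco
! --- Before (as described in the first post): static NAT plus an open conduit.
! Any Internet host can initiate connections to the inside host.
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0
conduit permit ip any any

! --- After: keep the static, drop the conduit, filter inbound on "outside".
! On PIX 6.x an access-group replaces conduits; they should not be mixed.
no conduit permit ip any any

! Constructed addresses: 198.51.100.20 = remote peer, 203.0.113.10 = global
! (translated) address of the inside host, which is what a 6.x ACL matches on.
! pcAnywhere data and status ports from the thread (current and older versions).
access-list outside_in permit tcp host 198.51.100.20 host 203.0.113.10 eq 5631
access-list outside_in permit udp host 198.51.100.20 host 203.0.113.10 eq 5632
access-list outside_in permit tcp host 198.51.100.20 host 203.0.113.10 eq 65301
access-list outside_in permit udp host 198.51.100.20 host 203.0.113.10 eq 22

! Silvia's case: PPTP only from the permitted source (control channel + GRE).
access-list outside_in permit tcp host 198.51.100.20 host 203.0.113.10 eq 1723
access-list outside_in permit gre host 198.51.100.20 host 203.0.113.10

! Everything else inbound is dropped by the implicit deny at the end of the list.
access-group outside_in in interface outside
```

After applying it, "show access-list outside_in" shows per-line hit counts, which confirms whether the peer's packets are matching the intended entries or being dropped by the implicit deny.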