We use Cisco VPN Client 3.6.3(B) to connect to the remote peer. For remote desktop sharing we use pcAnywhere services.
Now the problem we face on the firewall is:
If I specify conduit permit ip any any, everything works fine. But this makes the firewall vulnerable, since anybody from outside can initiate connections to inside hosts due to the static NAT and conduit statements.
I wish to apply an ACL to the PIX which allows connections only from the desired remote peer/hosts. I have tried permitting ports TCP/UDP 5631, 5632 and 6530 and removing the conduit permit ip any any statement, but it did not work out.
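The configuration below is an added example, not from the original post or from Cisco documentation, showing the blanket conduit the poster describes beside an ACL-based replacement of the kind asked for. It assumes PIX 6.x syntax, a placeholder remote peer (198.51.100.5), a placeholder static mapping (203.0.113.10 to 192.168.1.10) and an ACL name (outside_in); substitute your own values. Only the two standard pcAnywhere ports (TCP 5631 data, UDP 5632 status) are shown; if your pcAnywhere version also needs 6530, add it with the same pattern.

```cisco
! Constructed example (not the original poster's config). Addresses are RFC 5737/1918 placeholders.

! --- Weak: a static translation plus a blanket conduit lets any outside host
!     open a session to the translated inside host on any port ---
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
conduit permit ip any any

! --- Corrected: drop the conduit and bind an inbound ACL to the outside interface ---
no conduit permit ip any any

! On a PIX the destination in an outside-facing ACL is the static's global
! (translated) address, not the real inside address.
access-list outside_in permit tcp host 198.51.100.5 host 203.0.113.10 eq 5631
access-list outside_in permit udp host 198.51.100.5 host 203.0.113.10 eq 5632
! Explicit final deny so hit counts show what is being dropped (implicit deny exists anyway)
access-list outside_in deny ip any any
access-group outside_in in interface outside

! Flush existing translations so the new policy applies to fresh connections
clear xlate
```

After applying it, check the ACL with `show access-list outside_in`: the permit lines should accumulate hit counts while a pcAnywhere session is started from 198.51.100.5, and the final deny line should be the only one counting for unsolicited traffic from other sources. If the permit lines never increment, the most common cause is using the inside (real) address rather than the static's global address as the ACL destination, or leaving the old conduit in place so the traffic is still matched elsewhere. Connections initiated from the inside outward are still handled by the existing outbound NAT and do not need an inbound ACL entry.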