Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to prevent LogMeIn users thru PIX

Hi,

I have a PIX version 6.3(1). I have noticed that some users are using LogMeIn remote desktop services without the knowledge of the administrator. I tried to block the port and noticed that it uses Internet ports HTTP. All users are permitted to access the Internet and so HTTP cannot be blocked. So how can i block this LogMeIn application on the PIX 6.3. Do you think I will need to upgrade to an IPS or PIX 7.0 or does 6.3 itself support some method of blocking this kind of application?

logmein.com will describe how it works.

Can anyone provide me with the right solution?

Thanks

Kevin

3 REPLIES
New Member

Re: How to prevent LogMeIn users thru PIX

I guess LogMeIn runs on TCP Port 2002. Try blocking this Port & let me know.

New Member

Re: How to prevent LogMeIn users thru PIX

Kev,

forcing users to use a proxy seems to break it quite well and brings lots of other benefits too !

Barry.

New Member

Re: How to prevent LogMeIn users thru PIX

Hi Kevin

Logmein tries to connect to secure.logmein.com and tries to go through https. So the only way to block it is through blocking the ip for secure.logmein.com, which is 63.209.251.90. Again it won't be a full proof solution since mirrored sites might pop in with different IPs and IPs can change.

Regarding upgrade to version 7.0. With pix 7.0, yes we do have deep packet inspection (called map, for ex. http-map, gtp-map, ftp-map) available for http, ftp, gtp and so on, but for secure protocols, we cannot do much. We can block logmein effectively using ASA with IPS or IPS appliance.

But you will find such applications which depends on secure communications increasing a lot. I would prefer to have a deep packet inspection feature for DNS in PIX next version, which could allow us to permit or drop packet on the basis on dns queries, which can make life a bit better for us.

233
Views
5
Helpful
3
Replies