I have an interface on my PIX520 assigned to my RAS dial up network. Presently, I have all ports opened up for traffic coming from that RAS interface to my inside. I need to determine which ports I need to keep open to allow my dial up users to work. Does anyone have suggestions or a config similar to this who can help me out?
It depends on what services they're accessing. We have our RAS on the inside behind our PIX so we don't have to open holes through the firewall. Depending on your topology, this may or may not work for you. In any case, determine what applications they're using (NetBios, WINS, HTTP, Telnet, FTP, etc.) and open up the ports and protocols specifically.
I'd put a protocol analyzer in place with the RAS device, and see what traffic patterns you end up with. You'd probably be able to make some good conclusions in a few days as to what ports should be open.
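As an added example (not part of any post in this thread), here is one way to turn a few days of analyzer output into a candidate port list for the RAS interface. The flow-record layout, the addresses, the RAS pool `192.168.50.0/24` and the two-client threshold are all assumptions made for illustration.

```python
import csv, io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: flow records exported from a protocol analyzer on the
# RAS segment (proto, src, sport, dst, dport). Addresses are placeholders.
SAMPLE = """\
tcp,192.168.50.11,1045,10.0.0.5,80
tcp,192.168.50.12,1101,10.0.0.5,80
udp,192.168.50.11,137,10.0.0.9,137
udp,192.168.50.12,137,10.0.0.9,137
tcp,192.168.50.11,1046,10.0.0.9,139
tcp,192.168.50.13,1200,10.0.0.9,139
tcp,192.168.50.12,1102,10.0.0.7,23
tcp,192.168.50.12,1103,10.0.0.7,21
tcp,192.168.50.13,1300,10.0.0.7,21
tcp,10.0.0.5,80,192.168.50.11,1045
tcp,192.168.50.13,1301,10.0.0.8,4444
"""

RAS_NET = ip_network("192.168.50.0/24")   # assumed dial-up address pool
MIN_CLIENTS = 2   # a service must be used by at least this many clients


def summarize(text, ras_net=RAS_NET):
    """Map (proto, server, dport) -> set of RAS clients that initiated to it."""
    seen = defaultdict(set)
    for proto, src, _sport, dst, dport in csv.reader(io.StringIO(text)):
        # Keep only RAS -> inside direction; replies from inside are dropped.
        if ip_address(src) in ras_net and ip_address(dst) not in ras_net:
            seen[(proto, dst, int(dport))].add(src)
    return seen


def candidates(seen, min_clients=MIN_CLIENTS):
    """Split observed services into proposed rules and ones needing review."""
    allow, review = [], []
    for key, clients in sorted(seen.items()):
        (allow if len(clients) >= min_clients else review).append(key)
    return allow, review


if __name__ == "__main__":
    allow, review = candidates(summarize(SAMPLE))
    for proto, dst, port in allow:
        print(f"allow  {proto} {RAS_NET} -> {dst}:{port}")
    for proto, dst, port in review:
        print(f"review {proto} {RAS_NET} -> {dst}:{port} (single client)")
```

Entries in the review list are not denied automatically; they are the ones to confirm with the user or application owner before writing the final access list.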