Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
221
Views
0
Helpful
1
Replies

Protecting site-to-site VPN's from Blaster

n.oneill
Level 1
Level 1

‎09-24-2003 06:32 AM - edited ‎02-21-2020 12:47 PM

We are using a PIX firewall for site-to-site VPN's. How do we protect our network from the remote network being infected with Blaster without limiting the VPN to certain protocols. Our VPN ACL's are similar to the following:

access-list vpn permit ip 172.16.0.0 255.255.255.0 192.168.1.0 255.255.255.0

Labels:
0 Helpful
1 Reply 1

ddawson
Level 1
Level 1

‎09-24-2003 03:17 PM

Remove the "sysopt connection permit-ipsec" command and then update/create the access-list on the outside interface (or whatever interface you're terminating the VPN on) to block the Blaster ports from the remote LAN(s) and permit everything else. Wihtout the above sysopt command the traffic through the VPN is subject to the same acccess-list processing as other traffic, which allows you to control what can traverse the VPN.

HTH - Good luck!

0 Helpful
Customers Also Viewed These Support Documents