
Qns abt opening FTP ports thru VPN

leowchongwei
Level 1

Hi,

I have a PIX 515E firewall configured with a VPN tunnel to a remote site. The remote site is doing printing and FTP to my site. What are the ports/services I have to open up to secure my site, other than FTP port 21?

And what ports/services does the remote site have to open? I'm not supposed to access any service on their side.

Thanks

-Steven-

1 Reply

tvanginneken
Level 4

Hi,

By default, when 'sysopt permit ipsec' is enabled, no packets are filtered when they leave the VPN tunnel. So the remote site can access all services on the hosts you make available.

If you want to specify the traffic that is allowed from the VPN tunnel into your network, you have to disable 'sysopt permit ipsec'. This will block all incoming VPN traffic. The next thing you have to do is to create an access-list that specifies the allowed traffic and apply it to your external interface.

If you need to know which ports are necessary for printing, etc., you should enable logging and examine the log to see what packets are being dropped by the PIX.

To enable syslog logging on the PIX, use these commands:

logging host ip-address-syslog-server
logging trap 7 (7 = debugging, 4 = warnings)
logging on

Kind Regards,

Tom
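The procedure in Tom's reply ends with "examine the log to see what packets are being dropped." The following is an added example, not code from the thread or from Cisco: a small Python script that parses the PIX 6.x syslog message the access-group deny produces (%PIX-4-106023), counts the distinct denied flows, and prints candidate access-list lines for the outside interface. The log lines, the ACL name `outside_in`, the host addresses and the threshold argument `min_hits` are all constructed for the example and are assumptions, not values from the original post.

```python
import re
from collections import Counter

# Constructed sample syslog output from a PIX 6.x with 'sysopt connection
# permit-ipsec' disabled and an (initially empty) ACL on the outside interface.
# These lines are invented for the example; they are not from the thread.
SAMPLE_LOG = """\
Jan 10 09:12:01 pix %PIX-4-106023: Deny tcp src outside:10.20.0.15/1034 dst inside:192.168.1.10/21 by access-group "outside_in"
Jan 10 09:12:03 pix %PIX-4-106023: Deny tcp src outside:10.20.0.15/1035 dst inside:192.168.1.10/21 by access-group "outside_in"
Jan 10 09:12:20 pix %PIX-4-106023: Deny tcp src outside:10.20.0.22/2201 dst inside:192.168.1.50/515 by access-group "outside_in"
Jan 10 09:12:25 pix %PIX-4-106023: Deny tcp src outside:10.20.0.22/2202 dst inside:192.168.1.50/9100 by access-group "outside_in"
Jan 10 09:13:00 pix %PIX-4-106023: Deny udp src outside:10.20.0.22/137 dst inside:192.168.1.255/137 by access-group "outside_in"
Jan 10 09:13:05 pix %PIX-6-302001: Built inbound TCP connection 1843 for faddr 10.20.0.15/1036 gaddr 192.168.1.10/21 laddr 192.168.1.10/21
"""

# Message 106023 is what the PIX logs when an ACL applied with access-group
# drops a packet: "Deny <proto> src <if>:<ip>/<port> dst <if>:<ip>/<port> by access-group "<acl>"".
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)


def parse_denies(log_text):
    """Return one dict per ACL-deny line; other syslog messages are ignored."""
    denies = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # e.g. 302001 'Built connection' lines are not drops
        d = m.groupdict()
        d["sport"] = int(d["sport"])
        d["dport"] = int(d["dport"])
        denies.append(d)
    return denies


def summarize(denies):
    """Count distinct (proto, src, dst, dport) flows. The ephemeral source
    port is deliberately left out so retries of the same service collapse."""
    return Counter((d["proto"], d["src"], d["dst"], d["dport"]) for d in denies)


def suggest_acl(denies, acl_name="outside_in", min_hits=1):
    """Emit one 'access-list ... permit' line per observed flow seen at least
    min_hits times. Every line is a candidate for human review, not a rule
    to be pasted blindly (see the broadcast NetBIOS entry in the sample)."""
    lines = []
    for (proto, src, dst, dport), n in sorted(summarize(denies).items()):
        if n < min_hits:
            continue
        lines.append(
            f"access-list {acl_name} permit {proto} host {src} host {dst} eq {dport}"
        )
    return lines


if __name__ == "__main__":
    denies = parse_denies(SAMPLE_LOG)
    for flow, n in summarize(denies).most_common():
        print(f"{n:3d}  {flow[0]} {flow[1]} -> {flow[2]}:{flow[3]}")
    print()
    for rule in suggest_acl(denies):
        print(rule)
```

Run it against a day or two of captured syslog and only then turn the candidate lines into the ACL you apply with access-group on the outside interface. In the constructed sample, port 21 (FTP control), 515 (LPD) and 9100 (raw printing) are the flows the remote site actually needs, while the UDP/137 entry to a broadcast address is NetBIOS noise and should not be permitted. One caveat from general PIX behaviour, not from the thread: the FTP data connection is opened separately from the port 21 control session, and on a PIX it is the FTP fixup (protocol inspection), not an extra ACL entry, that lets that data connection through.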
