Cisco Support Community

Qns abt opening FTP ports thru VPN

Hi,

I have a PIX 515E firewall configured with a VPN tunnel to a remote site. The remote site is doing printing and FTP to my site. What are the ports/services I have to open up to secure my site, other than FTP port 21?

And what ports/services does the remote site have to open? I'm not supposed to access any service of theirs.

Thanks

-Steven-

1 REPLY

Re: Qns abt opening FTP ports thru VPN

Hi,

By default, when 'sysopt permit ipsec' is enabled, no packets are filtered when they leave the VPN tunnel. So the remote site can access all services on the hosts you make available.

If you want to specify the traffic that is allowed from the VPN tunnel into your network, you have to disable 'sysopt permit ipsec'. This will block all incoming VPN traffic. The next thing you have to do is create an access-list that specifies the allowed traffic and apply it to your external interface.

If you need to know which ports are necessary for printing, etc., you should enable logging and examine the log to see what packets are being dropped by the PIX.

To enable syslog logging on the PIX, use these commands:

logging host ip-address-syslog-server

logging trap 7 (7 = debug mode, 4 = warning mode)

logging on

Kind Regards,

Tom
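
Tom's procedure written out end to end, as an added example that is not part of the original thread. It uses PIX 6.x syntax. The interface names, host addresses, ACL name, syslog server and the printer ports (LPR on TCP 515, raw printing on TCP 9100) are assumptions for illustration; the lines beginning with an exclamation mark are annotations, not configuration.

```cisco
! Added example, not from the original thread. Addresses, names and the printing
! ports (LPR 515 / raw 9100) are assumptions; confirm the real ports from the log.

! 1. Stop trusting everything that arrives through the tunnel.
!    With 'sysopt connection permit-ipsec' set (the default), decrypted traffic
!    bypasses the interface ACL; removing it makes the outside ACL apply to it.
no sysopt connection permit-ipsec

! 2. Permit only what the remote site needs. 192.168.1.20 is the FTP server,
!    192.168.1.30 the printer; 10.2.2.0/24 is the remote site's LAN.
access-list outside_in permit tcp 10.2.2.0 255.255.255.0 host 192.168.1.20 eq ftp
access-list outside_in permit tcp 10.2.2.0 255.255.255.0 host 192.168.1.30 eq 515
access-list outside_in permit tcp 10.2.2.0 255.255.255.0 host 192.168.1.30 eq 9100
! Everything else from the tunnel is dropped by the implicit deny at the end.

! 3. Apply the list inbound on the outside interface.
access-group outside_in in interface outside

! 4. Keep the FTP fixup on (it is on by default). It watches the port-21 control
!    channel and opens the data connection (active or passive) dynamically, so
!    no rule for port 20 or for ephemeral ports is needed.
fixup protocol ftp 21

! 5. Send drops to a syslog server on the inside so the remaining required
!    ports can be read from the %PIX-4-106023 / %PIX-2-106001 deny messages.
logging on
logging timestamp
logging trap warnings
logging host inside 192.168.1.50
```

Two things worth knowing when you build the list: the PIX tracks connection state, so the return half of a session the list permits needs no rule of its own, and with the FTP fixup active the data channel needs none either. Logging at level 4 (warnings) is enough to see the ACL drops, because the %PIX-4-106023 deny message is logged at that severity; level 7 as in Tom's reply also works but is far noisier.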
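
The "enable logging and read what is dropped" step, as an added example in Python that is not part of the thread: it parses the PIX deny messages (106023 for ACL drops, 106001 and 106006 for inbound TCP/UDP denied when no rule permits them), counts them per protocol, source, destination and destination port, and renders the matching access-list lines. The log lines are constructed for the example; the hosts, the ACL name and the syslog prefix are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the original thread) in the PIX 6.x
# message formats; hosts, ports and the syslog prefix are assumptions.
SAMPLE_LOG = """\
Jan 12 10:01:03 pix %PIX-4-106023: Deny tcp src outside:10.2.2.10/3456 dst inside:192.168.1.30/515 by access-group "outside_in"
Jan 12 10:01:04 pix %PIX-4-106023: Deny tcp src outside:10.2.2.10/3457 dst inside:192.168.1.30/515 by access-group "outside_in"
Jan 12 10:01:09 pix %PIX-4-106023: Deny tcp src outside:10.2.2.10/3460 dst inside:192.168.1.30/9100 by access-group "outside_in"
Jan 12 10:02:15 pix %PIX-2-106001: Inbound TCP connection denied from 10.2.2.10/3470 to 192.168.1.20/21 flags SYN on interface outside
Jan 12 10:02:20 pix %PIX-2-106006: Deny inbound UDP from 10.2.2.10/137 to 192.168.1.30/137 on interface outside
Jan 12 10:03:00 pix %PIX-6-302013: Built inbound TCP connection 12 for outside:10.2.2.10/3480 (10.2.2.10/3480) to inside:192.168.1.20/21 (192.168.1.20/21)
"""

DENY_PATTERNS = [
    # 106023: dropped by an interface access-list, any protocol
    re.compile(r"%PIX-\d-106023: Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/(?P<sport>\d+) "
               r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"),
    # 106001: inbound TCP denied because nothing permits it
    re.compile(r"%PIX-\d-106001: Inbound (?P<proto>TCP) connection denied from (?P<src>[\d.]+)/(?P<sport>\d+) "
               r"to (?P<dst>[\d.]+)/(?P<dport>\d+)"),
    # 106006: inbound UDP denied because nothing permits it
    re.compile(r"%PIX-\d-106006: Deny inbound (?P<proto>UDP) from (?P<src>[\d.]+)/(?P<sport>\d+) "
               r"to (?P<dst>[\d.]+)/(?P<dport>\d+)"),
]


def parse_denies(log_text):
    """Count deny messages per (proto, src, dst, dport).

    The source port is deliberately left out of the key: it is ephemeral and
    changes per connection, so keeping it would hide the repeats we want to see.
    Lines that are not deny messages (e.g. 302013 'Built ... connection') are ignored.
    """
    hits = Counter()
    for line in log_text.splitlines():
        for pat in DENY_PATTERNS:
            m = pat.search(line)  # search, not match: syslog prepends a timestamp/host
            if m:
                hits[(m["proto"].lower(), m["src"], m["dst"], int(m["dport"]))] += 1
                break
    return hits


def acl_lines(hits, acl_name="outside_in", min_count=1):
    """Render one PIX 6.x access-list line per denied flow, most frequent first.

    min_count lets one-off probes be skipped so only repeated, deliberate
    connections become candidate rules.
    """
    lines = []
    for (proto, src, dst, dport), n in sorted(hits.items(), key=lambda kv: -kv[1]):
        if n < min_count:
            continue
        lines.append(f"access-list {acl_name} permit {proto} host {src} host {dst} eq {dport}")
    return lines


if __name__ == "__main__":
    denies = parse_denies(SAMPLE_LOG)
    for flow, n in denies.most_common():
        print(f"{n:4d}  {flow}")
    print()
    print("\n".join(acl_lines(denies)))
```

Do not paste the output in unread. The NetBIOS probe to UDP 137 in the sample is the kind of background noise every Windows host generates; the counting and the min_count threshold exist so that the repeated, deliberate connections (the print jobs on 515, the FTP logins on 21) stand apart from it before anything is added to the access-list.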
