I have blocked all outbound traffic to the Internet in the PIX firewall except web (port 80). One user needs to connect his laptop in our network that has Cisco VPN client and wants to connect to some remote network (not ours).
I would like to know which ports to open in my firewall to allow VPN traffic?
Add these protocols/ports to the existing outbound ACL.
I guess the security risk is that once the VPN tunnel is fully established, the laptop could be compromised from the remote network, as normally VPN allows all traffic. Assuming the laptop is compromised, your private net may also be at risk, since this particular laptop has full access to your private net.
To prevent this, make sure the laptop has all the patches, including anti-virus signatures. Also, verify with the remote network regarding the security level.
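As an added example (not posted in this thread), this is a PIX 6.3-style outbound ACL that admits only the standard IPsec flows, IKE on UDP/500, NAT-Traversal on UDP/4500 and native ESP (IP protocol 50), and scopes them to the one laptop and the one remote concentrator, so the rest of the LAN stays blocked. It addresses both the ports question and the containment concern above; the ACL name `outbound`, the laptop address 10.1.1.50 and the concentrator address 203.0.113.10 are placeholders.

```cisco
! Placeholders (not from the thread): ACL name "outbound" is the existing
! outbound ACL on the inside interface; 10.1.1.50 is the laptop;
! 203.0.113.10 is the public address of the remote VPN 3000 concentrator.

! IKE / ISAKMP - tunnel negotiation (UDP 500)
access-list outbound permit udp host 10.1.1.50 host 203.0.113.10 eq isakmp
! NAT-Traversal - ESP wrapped in UDP 4500 when the client sits behind PAT
access-list outbound permit udp host 10.1.1.50 host 203.0.113.10 eq 4500
! Native ESP (IP protocol 50) - used only if NAT-T is not negotiated
access-list outbound permit esp host 10.1.1.50 host 203.0.113.10

! Existing web rule stays; everything else still falls to the implicit deny
access-list outbound permit tcp any any eq www
access-group outbound in interface inside
```

After the client connects, `show access-list outbound` shows hit counts on the isakmp and 4500 lines if the tunnel is negotiating through the PIX; a zero count on all three is a sign the traffic is being dropped before the ACL or is leaving via a different path.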
I am running PIX vers. 6.3.3 and the remote system to connect to is a Cisco VPN 3000. I have enabled NAT Traversal both in the client software and in my PIX, but it is still not working. I have tested with these commands: "sysopt connection permit-ipsec"