RE: [fw-wiz] Cisco VPN client behind a Netscreen

From: List Account (list.account_at_cerdant.com)
Date: 11/06/03

    To: "'Aram Smith'" <aram.smith@appiancorp.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 6 Nov 2003 08:38:30 -0500
    
    

    I would say you do not need to allow that traffic inbound. The
    outbound traffic rule should be sufficient considering that the
    session will always be initiated from the inside, and assuming
    that the Netscreen is "stateful", the VPN client's session state
    should be maintained.

    _nathan

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of
    Aram Smith
    Sent: Wednesday, November 05, 2003 1:13 PM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] Cisco VPN client behind a Netscreen

    I have recently implemented a Netscreen 50 and I have users
    behind it that use a Cisco VPN client to connect to a Cisco Pix
    which I have no control over. Their VPN client is not functioning
    properly. Currently I have a policy allowing outbound traffic any
    from all inside. Does anyone know if I also need to create an
    IPSEC policy for inbound traffic?

    Thanks, Aram Smith
    _______________________________________________
    firewall-wizards mailing list firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
