How to restrict PIX VPN access to only a few ports ?

From: Jim (dot_com_bust@hotmail.com)
Date: 02/13/03

• Next message: Duane Arnold: "Re: Black Ice is bad stuff! BEWARE!"
• Previous message: DougNews: "Re: Stateful Packet Inspection Firewall"
• Next in thread: SysAdm: "Re: How to restrict PIX VPN access to only a few ports ?"
• Reply: SysAdm: "Re: How to restrict PIX VPN access to only a few ports ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: dot_com_bust@hotmail.com (Jim)
Date: 12 Feb 2003 15:09:19 -0800

Hi,

Can anyone give me some tips on how to limit the VPN connection to
just a few ports of an internal host through the Cisco PIX VPDN
configuration. I have a PIX 520 and configured with the standard VPDN
commands to accept VPN connection on the outside interface to the
internal network. The VPN connection worked fine. Now I would like to
limit the remote clients to only a few ports on one of the internal
host through this VPN connection. The only way I can come up with is
to limit those VPN connections to a single server. It is through the
standard access-list: permit ip host xxxx yyyy/24 (where yyyy/24 is
the VPDN pool) applied on the NAT command, thus no other internal host
is visible to the VPN clients except the target host. However, when I
tried to use port restriction in the access-list: permit tcp host xxxx
eq smtp yyyy/24 to further limit the client access to the port level,
no connectivity can be established. Is it possible to limit VPN
connection to just a few ports of an internal host? It seems any host
visible to the VPN connection is totally exposed. Thanks in advance
for any help you can offer.

Jim

---

• Next message: Duane Arnold: "Re: Black Ice is bad stuff! BEWARE!"
• Previous message: DougNews: "Re: Stateful Packet Inspection Firewall"
• Next in thread: SysAdm: "Re: How to restrict PIX VPN access to only a few ports ?"
• Reply: SysAdm: "Re: How to restrict PIX VPN access to only a few ports ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: How to restrict PIX VPN access to only a few ports ? ... > Can anyone give me some tips on how to limit the VPN connection to ... > just a few ports of an internal host through the Cisco PIX VPDN ... (comp.security.firewalls) Re: VPN configuration ... Marc Rauzier racontait dans comp.sys.ibm.as400.misc: ... > host) between two iSeries. ... > ports to be used on the VPN connection. ... (comp.sys.ibm.as400.misc) Re: External drives not installing or working properly on USB ... Tne one thing you could try doing is a repair install of XP ... Only one of the five host controllers is connected to the 6 ... As you have 5 host ports, ... operating system to recognise the four additional 'drives'. ... (microsoft.public.windowsxp.general) Re: External drives not installing or working properly on USB ... thanks for clarifying the setup of the USB host controllers. ... As you have 5 host ports, ... operating system to recognise the four additional 'drives'. ... (microsoft.public.windowsxp.general) Re: Attacks on ssh port ... Trigger one of the "backdoor" ports, and you're out of my game. ... >> count it won't log any more than that number of attempts from a host. ... >> from the logfiles or enable some ports NIDs, or 3rd party NIDS to do ... (FreeBSD-Security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)