Another question for Cisco VPN 3000 Concentrator

Discussion in 'Cisco' started by Doug Fox, Sep 9, 2005.

  1. Doug Fox

    Doug Fox Guest

    We are planning to deploy a Cisco VPN 3000 concentrator, which has firewall
    functionality.

    In order to setup 1) site to site IP Sec VPN, 2) client to site IP Sec VPN
    and 3) clientless VPN. Do I need to open http (80), https (443), 988, imap4
    protocol over TLS/SSL (993), pop3 protocol over TLS/SSL (995), and pptp
    (1732).

    When the concentrator is scanned from the Internet, should I be able to see
    these ports? How can I hide them from Internet?


    Any info are thankful.

    Regards,
     
    Doug Fox, Sep 9, 2005
    #1
    1. Advertising

  2. In article <>,
    Doug Fox <> wrote:
    :We are planning to deploy a Cisco VPN 3000 concentrator, which has firewall
    :functionality.

    : In order to setup 1) site to site IP Sec VPN, 2) client to site IP Sec VPN
    :and 3) clientless VPN. Do I need to open http (80),

    No.

    :https (443),

    This is needed for clientless VPN.

    I have not configured a VPN 3000, so I do not know if you need to
    "open" https, or if it will be automatically opened when you enable
    SSL VPNs. You might only need to "open" https if you want to be
    able to pass an SSL VPN through a security gateway.

    :988,

    Never heard of it. I don't find any reference for it being used.

    :imap4 protocol over TLS/SSL (993),

    No.

    :pop3 protocol over TLS/SSL (995),

    No.

    :and pptp (1732).

    No. IPSec is distinct from PPTP.


    :When the concentrator is scanned from the Internet, should I be able to see
    :these ports?

    I haven't configured the VPN 3000. On the PIX, any port which is
    set to block, simply does not reply (unless you -specifically- turn
    on RST generation.)
    --
    Daylight is a trademark of OSRAM SYLVANIA INC.
     
    Walter Roberson, Sep 9, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. filip
    Replies:
    2
    Views:
    2,442
    filip
    Nov 20, 2003
  2. Goggen
    Replies:
    1
    Views:
    1,162
    Uli Link
    Jan 26, 2006
  3. Eitan
    Replies:
    0
    Views:
    530
    Eitan
    Mar 5, 2006
  4. Replies:
    1
    Views:
    975
    James
    Aug 22, 2006
  5. Giuen
    Replies:
    0
    Views:
    1,463
    Giuen
    Sep 12, 2008
Loading...

Share This Page