how can I configure IPsec to secure an FTP site

Discussion in 'Computer Security' started by siul0_0, Nov 8, 2006.

  1. siul0_0


    Nov 6, 2006
    Likes Received:
    I just got :stickyma: because of the anonymous login on one of my servers running the IIS 6.0 ftp site. The simple reason I was using it was to prevent login access to be displayed in plain text. Now I am trying to secure the FTP connection thru IPsec. Any tips on how to accomplish this?

    I am using server R2 '03 with a PIX firewall. I want to try this config on the PIX 5.1 which I saw on one of the previous postings:

    access-list nonat permit ip inside network

    nat (inside) 0 access-list nonat

    ip local pool pool-name "dont know if this IPs have to be public or private"

    sysopt connection permit-ipsec

    crypto ipsec transform-set esp-aes-256-sha esp-aes-256 esp-sha-hmac
    crypto dynamic-map isvpn 10 set transform-set esp-aes-256-sha
    crypto map ocmap 10 ipsec-isakmp dynamic isvpn
    crypto map ocmap interface outside

    isakmp enable outside
    isakmp policy 10 authentication "I will use certificate"
    isakmp policy 10 encryption aes-256
    isakmp policy 10 hash sha
    isakmp policy 10 group 5
    isakmp policy 10 lifetime 86400

    vpngroup username address-pool pool-name
    vpngroup username dns-server dns ip
    vpngroup username default-domain domain name
    vpngroup username idle-time 1800
    vpngroup username password pwd

    The windows server is going to be my CA.

    Any help on this would be REAAAAAALLY appreciated.
    Last edited: Nov 11, 2006
    siul0_0, Nov 8, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.