No blocked ports on internal interface of ASA

Posted by blsub6 on Server Fault See other posts from Server Fault or by blsub6
Published on 2010-12-08T18:19:07Z Indexed on 2010/12/21 19:55 UTC
Read the original article Hit count: 238

Filed under:
|

I have a cisco ASA 5505 with three interfaces: Internal (100), DMZ (50) and External (0). The internal has a IPSEC VPN tunnel to my internal network

I couldn't log in to my domain because of all of the port restrictions and such. I tried monitoring the traffic through the interface, seeing what it's blocking and then unblocking those ports but even then it didn't work completely correctly

I finally just added a rule to permit any ip traffic from any network to any network on the internal interface and, of course, it worked fine

But is that good security practice? Should I be blocking ports on an interface that's internal and over a VPN with the highest security level?

© Server Fault or respective owner

Related posts about vpn

Related posts about cisco-asa