No blocked ports on internal interface of ASA
Posted by blsub6 on Server Fault
Published on 2010-12-08T18:19:07Z
I have a Cisco ASA 5505 with three interfaces: Internal (100), DMZ (50) and External (0). The internal has an IPSEC VPN tunnel to my internal network.
I couldn't log in to my domain because of all of the port restrictions and such. I tried monitoring the traffic through the interface, seeing what it's blocking and then unblocking those ports, but even then it didn't work completely correctly.
I finally just added a rule to permit any IP traffic from any network to any network on the internal interface and, of course, it worked fine.
But is that good security practice? Should I be blocking ports on an interface that's internal and over a VPN with the highest security level?
© Server Fault or respective owner