RE: Encrypted RPC and firewalling

[Matthew Huff <mhuff () ox com>]

Also,

Most enterprises that support Exchange remote access use RPC over HTTPS which is encrypted and easy to allow on the 
firewall.

----
Matthew Huff             | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC       | Phone: 914-460-4039
aim: matthewbhuff        | Fax:   914-460-4139


> -----Original Message-----
> From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
> Sent: Thursday, November 10, 2011 7:51 AM
> To: Lasse Birnbaum Jensen
> Cc: nanog () nanog org
> Subject: Re: Encrypted RPC and firewalling
>
> On Thu, 10 Nov 2011 09:56:51 +0100, Lasse Birnbaum Jensen said:
> > I would like to know how you guys handle encypted rpc across
> firewalls.
>
> You can always just set the firewall to ban RPC in general, whether or
> not it's encrypted (while you're there, close off ports 137-139 and
> other chucklehead stuff like that), and just make the user who's
> outside the firewall VPN in.  That's a nice, simple, well-understood
> configuration that almost all software and even most users can handle.
>
> (We don't actually do a big monolithic firewall box - but pretty much
> everything has an iptables ruleset loaded that says "if your source IP
> isn't inside our 2 /16s, your packets go bye bye".  And there's a nice
> PPTP-based VPN solution in place that even a humanities professor
> emeritus can use ;)