Firewall Wizards mailing list archives

RE: Cisco VPN client behind a Netscreen

From: "List Account" <list.account () cerdant com>
Date: Thu, 6 Nov 2003 08:38:30 -0500

I would say you do not need to allow that traffic inbound. The
outbound traffic rule should be sufficient considering that the
session will always be initiated from the inside, and assuming
that the netscreen is "stateful" the VPN client's session state
should be maintained.

_nathan

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of
Aram Smith
Sent: Wednesday, November 05, 2003 1:13 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Cisco VPN client behind a Netscreen


I have recently implemented a Netscreen 50 and I have users
behind it that use a Cisco VPN client to connect to a Cisco Pix
which I have no control over. Their VPN client is not functioning
properly. Currently I have a policy allowing outbound traffic any
from all inside. Does anyone know if I also need to create an
IPSEC policy for inbound traffic? Thanks, Aram Smith
_______________________________________________
firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Cisco VPN client behind a Netscreen Aram Smith (Nov 05)
- Re: Cisco VPN client behind a Netscreen Ravi Kumar (Nov 06)
- Re: Cisco VPN client behind a Netscreen Luigi Mori (Nov 06)
- RE: Cisco VPN client behind a Netscreen List Account (Nov 06)
- <Possible follow-ups>
- RE: Cisco VPN client behind a Netscreen Melson, Paul (Nov 06)
  - RE: Cisco VPN client behind a Netscreen Andy Lyakhovetskiy (Nov 11)