Firewall Wizards mailing list archives
RE: Cisco VPN client behind a Netscreen
From: "List Account" <list.account () cerdant com>
Date: Thu, 6 Nov 2003 08:38:30 -0500
I would say you do not need to allow that traffic inbound. The outbound traffic rule should be sufficient considering that the session will always be initiated from the inside, and assuming that the netscreen is "stateful" the VPN client's session state should be maintained.

_nathan

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Aram Smith
Sent: Wednesday, November 05, 2003 1:13 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Cisco VPN client behind a Netscreen

I have recently implemented a Netscreen 50 and I have users behind it that use a Cisco VPN client to connect to a Cisco Pix which I have no control over. Their VPN client is not functioning properly. Currently I have a policy allowing outbound traffic any from all inside. Does anyone know if I also need to create an IPSEC policy for inbound traffic?

Thanks,
Aram Smith

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards