Another question for Cisco VPN 3000 Concentrator

We are planning to deploy a Cisco VPN 3000 concentrator, which has firewall functionality.

In order to set up 1) site to site IP Sec VPN, 2) client to site IP Sec VPN and 3) clientless VPN, do I need to open http (80), https (443), 988, imap4 protocol over TLS/SSL (993), pop3 protocol over TLS/SSL (995), and pptp (1732)?

When the concentrator is scanned from the Internet, should I be able to see these ports? How can I hide them from the Internet?

Any info is appreciated.

Regards,

Doug Fox

In article , Doug Fox wrote:

:We are planning to deploy a Cisco VPN 3000 concentrator, which has firewall
:functionality.

: In order to setup 1) site to site IP Sec VPN, 2) client to site IP Sec VPN
:and 3) clientless VPN. Do I need to open http (80),

No.

:https (443),

This is needed for clientless VPN.

I have not configured a VPN 3000, so I do not know if you need to "open" https, or if it will be automatically opened when you enable SSL VPNs. You might only need to "open" https if you want to be able to pass an SSL VPN through a security gateway.

:988,

Never heard of it. I don't find any reference for it being used.

:imap4 protocol over TLS/SSL (993),

No.

:pop3 protocol over TLS/SSL (995),

No.

:and pptp (1732).

No. IPSec is distinct from PPTP.

:When the concentrator is scanned from the Internet, should I be able to see
:these ports?

I haven't configured the VPN 3000. On the PIX, any port which is set to block simply does not reply (unless you -specifically- turn on RST generation).

Walter Roberson
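
One way to check, from an outside host, which of the ports named in this thread your own concentrator exposes. This is an added example, not part of either post: it separates a port that stays silent from one that answers with a RST, and the names `classify`, `probe`, `audit` and the assumption that clientless VPN is enabled (so only 443 is expected open) are illustrative.

```python
import socket
import sys

# Ports listed in the question. Per the reply above, only https (443) is
# needed, and only for clientless VPN.
QUESTION_PORTS = [80, 443, 988, 993, 995, 1732]
EXPECTED_OPEN = {443}  # assumption: clientless VPN is enabled


def classify(exc):
    """Map the outcome of a TCP connect() to a port state."""
    if exc is None:
        return "open"        # handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # device answered with RST
    return "filtered"        # timeout or unreachable: no reply came back


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:   # covers timeouts and refused connections
        return classify(exc)


def audit(states, expected_open=EXPECTED_OPEN):
    """Compare observed port states with the intended exposure."""
    findings = []
    for port, state in sorted(states.items()):
        if state == "open" and port not in expected_open:
            findings.append(f"{port}: open but not needed")
        elif state != "open" and port in expected_open:
            findings.append(f"{port}: expected open, saw {state}")
        elif state == "closed":
            findings.append(f"{port}: answers with RST (visible, not hidden)")
    return findings


if __name__ == "__main__":
    # Usage: python check_exposure.py <public address of your concentrator>
    host = sys.argv[1]
    states = {p: probe(host, p) for p in QUESTION_PORTS}
    for p in QUESTION_PORTS:
        print(p, states[p])
    for line in audit(states):
        print("FINDING", line)
```

A port reported as "filtered" is the silent-drop behaviour described for the PIX; "closed" means the device is sending RSTs and is therefore visible to a scan.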
