New point to point connection to client, am I secure?


  • New point to point connection to client, am I secure?

    I just connected a client's router (on my premises) to a DMZ port on my ASA. There is a security rule "any any" on that DMZ port (outbound). It is enabled but it is not applied to any traffic, and there is a route sending any traffic going to x.x.x.x (client-specified IP address) to that interface.

    Those are the only two entries for that DMZ port. We can easily get to their system and everything works, but I am wondering if and what they can get to from their end into us. They shouldn't be able to get to anything.
    Thank you,

    Marc

  • #2
    Re: New point to point connection to client, am I secure?

    What does the rule look like, and what do the ACLs look like on the router/remote site?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"


    • #3
      Re: New point to point connection to client, am I secure?

      Here are the entries for the interface in question:

      global (dmz-20) 10 interface
      nat (dmz-20) 10 X.X.X.0 255.255.255.0
      route dmz-20 X.X.X.X 255.255.255.255 X.X.X.X 1
      telnet X.X.X.0 255.255.255.0 dmz-20

      I do not have any rules applied. What I want is only two ports to be able to come back to me through this connection.

      The IP address of the interface is not a part of any other subnet on my LAN. So, they should not be able to ping from their router, telnet, etc. to anywhere on my network, correct?
      Thank you,

      Marc
