
PIX *not* blocking traffic?? Port 445


TechPaulJohn (Technical User, joined Apr 28, 2006, US)

Good afternoon,

I'm having trouble with my PIX and some virus infected machines. Now, I know the real answer is getting the machines cleaned up (since the machines are at another site, a different tech is responsible).

The problem I'm having is even though I have port 445 blocked both inbound and outbound, I'm still seeing some traffic coming from outside my network on port 445.

Are the infected machines getting the conversation going on a different port, and then because they initiated the conversation the traffic is permitted?

Any advice would be appreciated.

Thanks in advance,

Paul
 
Is this a VPN setup? If it is and you have
sysopt permit ipsec
in your config, all VPN traffic will bypass all ACLs. You will need to turn that off so that VPN traffic will get processed.


Brent
Systems Engineer / Consultant
CCNP
 
I have a similar line: sysopt connection permit-ipsec

Would this do the same thing?

Thanks,

Paul
 
Yes, that's the one. This will allow all VPN traffic through no matter what ACLs you have in place. Remove this line and the VPN traffic will follow the ACLs you have in place right now. Be sure to permit the specific traffic for the VPNs in them or they will not allow anything.

Brent
Systems Engineer / Consultant
CCNP
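To make the point of the thread concrete, here is an added example (not from the original posts, and not Cisco's or Tek-Tips' code) that audits a PIX 6.x-style configuration for exactly this situation: it flags `sysopt connection permit-ipsec` (which lets IPsec-decrypted traffic skip the interface ACLs), checks with first-match semantics whether each bound ACL actually denies tcp/445 (a `permit ip any any` placed above the deny would shadow it), and warns when an ACL has no permit covering the VPN networks, since after the sysopt line is removed that traffic will be dropped. The two config fragments, the ACL names, the interface names and the 10.10.0.0/16 and 10.20.0.0/16 networks are constructed for illustration; the parser only reads `access-list`, `access-group` and `sysopt` lines and does not model address matching beyond `any`, `host` and network/mask pairs.

```python
"""Audit a PIX-style config for the IPsec ACL bypass discussed in the thread.

Constructed example (not from the original post). Only access-list,
access-group and sysopt lines are parsed; address matching is simplified.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Ace:
    action: str            # permit | deny
    proto: str             # ip | tcp | udp | ...
    src: str               # 'any', a host address, or 'NET MASK'
    sport: Optional[str]   # from 'eq PORT' after the source, if present
    dst: str
    dport: Optional[str]


def _take_addr(toks):
    """Consume one PIX address spec: 'any', 'host A.B.C.D', or 'NET MASK'."""
    if toks[0] == "any":
        return "any", toks[1:]
    if toks[0] == "host":
        return toks[1], toks[2:]
    return f"{toks[0]} {toks[1]}", toks[2:]


def _take_port(toks):
    """Consume an optional 'eq PORT' qualifier."""
    if toks and toks[0] == "eq":
        return toks[1], toks[2:]
    return None, toks


def parse_config(text):
    """Return (sysopt_permit_ipsec_set, {acl_name: [Ace]}, {iface: acl_name})."""
    sysopt, acls, bindings = False, {}, {}
    for raw in text.splitlines():
        toks = raw.split()
        if not toks:
            continue
        if toks[:3] == ["sysopt", "connection", "permit-ipsec"]:
            sysopt = True                       # 'no sysopt ...' does not match
        elif toks[0] == "access-list" and len(toks) >= 6 and toks[2] in ("permit", "deny"):
            name, action, proto, rest = toks[1], toks[2], toks[3], toks[4:]
            src, rest = _take_addr(rest)
            sport, rest = _take_port(rest)
            dst, rest = _take_addr(rest)
            dport, rest = _take_port(rest)
            acls.setdefault(name, []).append(Ace(action, proto, src, sport, dst, dport))
        elif toks[0] == "access-group" and len(toks) >= 5:
            bindings[toks[4]] = toks[1]         # access-group NAME in interface IFACE
    return sysopt, acls, bindings


def first_match(aces, proto, dport):
    """First-match semantics: the first ACE covering the flow decides.
    PIX ends every ACL with an implicit deny."""
    for ace in aces:
        if ace.proto in ("ip", proto) and ace.dport in (None, dport):
            return ace.action
    return "deny"


def permits_network(aces, net):
    """True if some permit ACE names the network (either side) or is any->any."""
    return any(a.action == "permit" and (net in (a.src, a.dst) or a.src == a.dst == "any")
               for a in aces)


def audit(text, vpn_nets, port="445"):
    sysopt, acls, bindings = parse_config(text)
    findings = []
    if sysopt:
        findings.append("BYPASS: 'sysopt connection permit-ipsec' is set; "
                        "IPsec traffic skips the interface ACLs")
    verb = {"permit": "permits", "deny": "denies"}
    for iface, name in sorted(bindings.items()):
        aces = acls.get(name, [])
        findings.append(f"{iface}: ACL {name} {verb[first_match(aces, 'tcp', port)]} tcp/{port}")
        for net in vpn_nets:
            if not permits_network(aces, net):
                findings.append(f"{iface}: ACL {name} has no permit covering VPN net {net}; "
                                "VPN traffic is dropped once it is ACL-checked")
    return findings


# Constructed 'before' state: 445 is denied on both interfaces, but the sysopt
# line means tunnel traffic never reaches those ACLs.
BEFORE = """\
access-list outside_in deny tcp any any eq 445
access-list outside_in permit ip any any
access-group outside_in in interface outside
access-list inside_out deny tcp any any eq 445
access-list inside_out permit ip any any
access-group inside_out in interface inside
sysopt connection permit-ipsec
"""

# Constructed 'after' state: sysopt removed, VPN traffic explicitly permitted
# below the 445 deny so the deny is evaluated first.
AFTER = """\
access-list outside_in deny tcp any any eq 445
access-list outside_in permit ip 10.20.0.0 255.255.0.0 10.10.0.0 255.255.0.0
access-group outside_in in interface outside
access-list inside_out deny tcp any any eq 445
access-list inside_out permit ip 10.10.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-group inside_out in interface inside
no sysopt connection permit-ipsec
"""

VPN_NETS = ["10.20.0.0 255.255.0.0"]   # assumed remote-site network

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, *audit(cfg, VPN_NETS), sep="\n  ")
```

Run it against a saved `show running-config`; the ordering check matters as much as the sysopt line, because a `permit ip any any` above the 445 deny silently shadows it.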
 