Windows/MSN messenger file transfer feature

[epronto]

Hi there,
I am using PIX 506e v.6.3.3 with VPN server servicing remote VPN clients, access-list and static NAT/PAT.
Does anyone know how to securely setup PIX for Windows or MSN messenger file transfer feature.
Windows Messenger help recommends opening as many as possible inbound TCP ports from range 6891 to 6900.
I guess if I open one of the ports from that range to the world (any to any)into my LAN, it would be a major security risk.
Is there any secure way of doing it?
Thanks for any comments.

 

[flauret]

hi

I think you should only doing it with outside but I f saw fine, the new msn messenger beta 7.0 can do that through http. by this way you are not obliged to open anything else from inside to outside.

be sure to have antivirus up to date if you want to allow this kind of traffic.

something else, if you need to open something in 6891 to 6900, I am not completely sure but it is from inside to outside that you have to open it.

regards,
frederic

 

[LloydSev]

Also, version 7.0(1) of the PIX OS is supposed to handle these types of operations easily.

Computer/Network Technician
CCNA

 

[epronto]

thanks to all,
it took me a while to reply to this one.
I made File Sharing (MSN Messenger) and File Transfer (Windows Messenger) work fine. I need to test a few more things, but in a config where one peer is behind PIX (on the same subnet as PIX outside interface) and the other peer is inside the PIX, it is working fine. I need to check the config where both peers are on private subnets behind firewalls. I think the problem with these applications is that the source IP stays always that of a private network and the firewalls don't know how to handle it properly. And by the way, flauret, I am running MSN MSG v.7.

However, in first config where file transfer works, collaboration (application sharing and whiteboard) doesn't.
Any ideas?!