Site to Site Cisco VPN - opening of ports needed if behind a perimeter fw?

Hi,

I have set up a site to site VPN using two ASA 5505s. Site A is directly connected to the web with no other devices in front of it. Site B is behind a PIX 515. The tunnel is up as indicated by the VPN light on the ASA. Do I need to open any ports on the PIX to have traffic flow across the ASA VPN? Am I correct in thinking that since the tunnel is up between the two ASA devices, no other device will or can see that traffic?
Asked by: wayy2be
 
JFrederick29 Commented:
To the devices between the ASAs, the only traffic seen is UDP 500 and ESP (the encrypted traffic). You don't need to open/permit the real traffic within the tunnel on the perimeter device.
 
wayy2be (Author) Commented:
So just to clarify...if I have a 10.10.10.x network on Site A's side and a 10.10.10.x network on Site B and users on each side use an application that transmits data to each site, then I do not have to open any ports on the perimeter device, yes?
 
JFrederick29 Commented:
Correct.  That traffic is "hidden" within the tunnel to the perimeter device.  The only thing it sees is UDP 500 (ISAKMP) and ESP (IPSEC).
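
The point made in the answers above, as an added example that is not part of the original thread: it builds three constructed packets as they would appear on the wire between the two ASAs and reports what a device on the path can read from them, then derives the entries the perimeter rule set has to allow. Assumptions: the outside addresses are documentation-range placeholders, there is no NAT on the path, and the ESP payload is a placeholder for ciphertext rather than real encryption.

```python
import struct

PROTO_UDP, PROTO_ESP, IKE_PORT = 17, 50, 500
SITE_A, SITE_B = "198.51.100.10", "203.0.113.20"  # constructed ASA outside addresses

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    pack_addr = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, pack_addr(src), pack_addr(dst)) + payload

def esp(spi, seq, inner):
    """ESP header plus a placeholder for ciphertext (XOR is NOT real encryption)."""
    return struct.pack("!II", spi, seq) + bytes(b ^ 0x5A for b in inner)

def perimeter_view(packet):
    """What a device on the path can read from the cleartext headers of one packet."""
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    view = {"src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20]))}
    body = packet[ihl:]
    if proto == PROTO_ESP:
        spi, seq = struct.unpack("!II", body[:8])
        view.update(kind="ESP", spi=spi, seq=seq)
    elif proto == PROTO_UDP:
        sport, dport = struct.unpack("!HH", body[:4])
        view.update(kind="IKE" if IKE_PORT in (sport, dport) else "UDP", dport=dport)
    else:
        view.update(kind=f"proto-{proto}")
    return view

def required_permits(packets):
    """Distinct (kind, src, dst) entries the perimeter rule set has to allow."""
    return sorted({(v["kind"], v["src"], v["dst"])
                   for v in map(perimeter_view, packets)})

# Constructed inner packet using the 10.10.10.x addressing from the thread;
# its body is sample bytes, not a real TCP segment.
INNER = ipv4("10.10.10.5", "10.10.10.9", 6, b"application data")
IKE = struct.pack("!HHHH", IKE_PORT, IKE_PORT, 16, 0) + bytes(8)
SAMPLE = [ipv4(SITE_A, SITE_B, PROTO_UDP, IKE),
          ipv4(SITE_A, SITE_B, PROTO_ESP, esp(0x1001, 1, INNER)),
          ipv4(SITE_B, SITE_A, PROTO_ESP, esp(0x2002, 1, INNER))]

if __name__ == "__main__":
    for entry in required_permits(SAMPLE):
        print(entry)
```

None of the reported entries carries a 10.10.10.x address or the application's port: the path device sees only the two outside addresses, UDP 500, and ESP with its SPI and sequence number.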
 
wayy2be (Author) Commented:
Awesome!  Thanks for your help :-)
 
JFrederick29 Commented:
Sure thing.
 
wayy2be (Author) Commented:
Great advice, thanks!