Yashy (United Kingdom) asked:

Locking down VPN ports for application being used....

Hi guys

We have an application on our work premises that people externally use VPN to access. The port has been set to 'ANY'. However, if I wanted to lock this port down, I have some issues as there is no documentation on what the ports are. When I look at the firewall logs, I can see that the source port always changes but the destination port stays the same. What does this mean if the source port changes but the destination port is the same? I assume the destination port is the port on the application on our side and therefore we can lock the VPN ports down to this destination port?

Thanks for helping
Yashy
noci:

The source port is randomly assigned to allow multiple connections from one system to another.
The destination port is how ANY client can find a server, i.e. 80 = HTTP (web server), 443 = HTTPS (web server), 25 = SMTP (e-mail), etc.

Binding to a source port CAN be done, but it also limits the connection 1 on 1 between two systems.
A browser already opens 4+ connections to collect various resources from a server (HTTP/1.0 & HTTP/1.1); that would not be possible with bound connections.
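To make the point about stable destination ports concrete, here is an added example (not noci's code and not from the original thread). It parses a constructed, generic key=value firewall log, groups flows by protocol, destination host and destination port, and reports how many distinct source ports and clients hit each destination. The output is the list of (proto, dst, dport) tuples a narrowed VPN rule would need, plus a warning if a server shows many different destination ports, which is the case where the application negotiates dynamic ports and a single-port rule would break it. The log format, the IP addresses and the `max_ports_per_host` threshold are all assumptions; adapt the regular expression to the real firewall's export.

```python
import re
from collections import defaultdict

# Constructed sample log lines in a generic key=value style (not from any real device).
# Note that the source port (sport) changes on every flow while the destination port
# (dport) stays the same per service, which is exactly the pattern the question describes.
SAMPLE_LOG = """\
2024-01-10T09:00:01 action=allow proto=tcp src=10.8.0.12 sport=51342 dst=192.168.1.20 dport=8443
2024-01-10T09:00:03 action=allow proto=tcp src=10.8.0.12 sport=51343 dst=192.168.1.20 dport=8443
2024-01-10T09:00:07 action=allow proto=tcp src=10.8.0.31 sport=60210 dst=192.168.1.20 dport=8443
2024-01-10T09:00:09 action=allow proto=tcp src=10.8.0.31 sport=60211 dst=192.168.1.20 dport=8443
2024-01-10T09:01:12 action=allow proto=udp src=10.8.0.12 sport=49221 dst=192.168.1.20 dport=1812
2024-01-10T09:02:44 action=allow proto=tcp src=10.8.0.55 sport=41000 dst=192.168.1.20 dport=8443
"""

# Assumed field layout; change this to match the real firewall's log export.
LINE_RE = re.compile(
    r"proto=(?P<proto>\w+) src=(?P<src>[\d.]+) sport=(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)


def parse_flows(log_text):
    """Return a list of (proto, src, sport, dst, dport) tuples, skipping unparseable lines."""
    flows = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        flows.append((m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return flows


def summarize_by_destination(flows):
    """Group flows by (proto, dst, dport) and record hit count, distinct source ports
    and distinct client addresses for each destination service."""
    summary = defaultdict(lambda: {"hits": 0, "source_ports": set(), "clients": set()})
    for proto, src, sport, dst, dport in flows:
        entry = summary[(proto, dst, dport)]
        entry["hits"] += 1
        entry["source_ports"].add(sport)
        entry["clients"].add(src)
    return dict(summary)


def proposed_rules(summary, max_ports_per_host=8):
    """Return (rules, warnings). Each rule is a (proto, dst, dport) tuple that a narrowed
    VPN/firewall rule would allow. If one server host is reached on more distinct
    destination ports than max_ports_per_host (an assumed threshold), warn that the
    application may be negotiating dynamic ports, so a fixed-port rule needs more analysis."""
    rules = sorted(summary)
    ports_per_host = defaultdict(set)
    for _proto, dst, dport in rules:
        ports_per_host[dst].add(dport)
    warnings = [
        f"{dst}: {len(ports)} distinct destination ports seen; "
        "the application may use dynamic ports"
        for dst, ports in ports_per_host.items()
        if len(ports) > max_ports_per_host
    ]
    return rules, warnings


if __name__ == "__main__":
    summary = summarize_by_destination(parse_flows(SAMPLE_LOG))
    for (proto, dst, dport), info in sorted(summary.items()):
        print(f"{proto} {dst}:{dport}  hits={info['hits']}  "
              f"distinct source ports={len(info['source_ports'])}  "
              f"clients={len(info['clients'])}")
    rules, warnings = proposed_rules(summary)
    print("rules to allow:", rules)
    print("warnings:", warnings or "none")
```

The source-port column is deliberately ignored when building the rules: as noci's answer explains, those values are chosen by the client per connection, so a rule keyed on them would only ever match one connection. Run this over a day or two of real logs rather than a handful of lines, because a service that is only used occasionally (a licence check, a backup port) will otherwise be missing from the rule set and will break once the rule is narrowed.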
Yashy (asker):

Thanks Noci. So does that mean if I know the destination port, I should be able to lock down the VPN to that port? Or, will I have to keep it to 'ANY' as the source ports always change coming inbound and therefore I can't lock it down?
ASKER CERTIFIED SOLUTION
noci

[solution text is only available to Experts Exchange members and is not shown on this page]

^^ 100% correct :)

What firewall is it? I tend to use a Cisco ASA; then I can do a packet capture and find out exactly which ports need to be open :)