LOL Yea I know that Telnet should not be enabled. Actually once I get it all
working and routing properly I would like to close down ASDM, telnet and SSH to
anywhere but from the vpn.
Thanks for the advice. I will be trying that out.
Horvath, Kevin M. wrote:
> I only had time to look at the vpn to internet "hairpinning" scenario. It
> looks like you don't have an ip pool assigned to the vpn traffic to be
> designated for NATing to the internet. Try implementing:
>
>   ip local pool "pool_name_here" "ip_range_here_for_ips_from_over_the_vpn_to_access_the_internet"
>
> Let me know how this works. Cool feature, I wish my pix could do this so I
> didn't have to terminate my tunnels on a router and a concentrator.
>
> On a side note watch out for this command "telnet 0.0.0.0 0.0.0.0 internet",
> that's not good. You have ssh configured so stick to your guns with it
> since at least it is encrypted. Best practice is to not even open it to
> the internet yet just vpn in and then access it via ssh. Ah but who takes
> advice from a pen tester anyways ;p
>
>
> -----Original Message-----
> From: firewall-wizards-bounces_at_listserv.icsalabs.com
> [mailto:firewall-wizards-bounces_at_listserv.icsalabs.com] On Behalf Of Craig
> Van Tassle
> Sent: Tuesday, July 25, 2006 5:12 PM
> To: Firewall Wizards Security Mailing List
> Subject: [fw-wiz] ASA routing over VPN
>
> I have an ASA 5510 and it's not routing my VPNs properly. I can get from my
> VPNs to anywhere on my LAN, but I can't get to the net from my VPNs.
> I have 4 VPN tunnels. One over the Internet, and 3 over a Frame Relay
> network.
>
> The Internet one is not working at all. It connects but does not route any
> traffic. The VPNs on my Frame connect but do not route traffic to the
> Internet.
>
> I'm at a total loss as where to go with this.
>
>
> Attached is my current config (IPs and password have been changed)
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards_at_listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Jul 27 2006
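
The side note in the thread about `telnet 0.0.0.0 0.0.0.0 internet` can be checked mechanically. The following is an added example, not part of the original messages: a small audit that reads the `telnet`, `ssh` and `http` (ASDM) management-access lines of an ASA config and flags cleartext Telnet, any-source rules, and rules bound to an interface outside a trusted list. The sample lines are constructed, and treating only an interface named `inside` as trusted is an assumption.

```python
import ipaddress

# Constructed sample lines for illustration; not the poster's configuration.
SAMPLE_CONFIG = """\
telnet 0.0.0.0 0.0.0.0 internet
ssh 0.0.0.0 0.0.0.0 internet
ssh 192.168.50.0 255.255.255.0 inside
http 192.168.50.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
"""

# Management-access commands of the form: <cmd> <address> <netmask> <interface>
MGMT_COMMANDS = ("telnet", "ssh", "http")


def audit_mgmt_access(config_text, trusted_interfaces=("inside",)):
    """Return (line_number, line, reasons) for each risky management rule."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split()
        if len(parts) != 4 or parts[0] not in MGMT_COMMANDS:
            continue  # skips settings such as "ssh timeout 5"
        cmd, addr, mask, iface = parts
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            continue  # four tokens, but not an address/mask pair
        reasons = []
        if cmd == "telnet":
            reasons.append("telnet is cleartext")
        if net.prefixlen == 0:
            reasons.append("any source address allowed")
        if iface not in trusted_interfaces:
            reasons.append(f"bound to untrusted interface '{iface}'")
        if reasons:
            findings.append((lineno, raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for lineno, line, reasons in audit_mgmt_access(SAMPLE_CONFIG):
        print(f"line {lineno}: {line}  ->  {'; '.join(reasons)}")
```

Once management is meant to be reachable only through the VPN, pass the interface and address range that VPN clients arrive on as the trusted set and the report should come back empty.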