Greetings,
My company has paid for a third-party auditing company to audit the security of our remote locations, which mostly use PIX 501s. However, we are failing the audits due to the fact that they cannot scan the outside interface of the PIXs. I thought that was a good thing, but apparently they don't. Since their search is inconclusive, they fail us. Any thoughts on how to allow them to scan the outside interface?
I watched the terminal monitor at level 7 and found that they were hitting ports 65534 and 5678. Since they didn't get an acknowledgement, the scan fails.
Here are my attempts:
1) service resetinbound
2) access-list scan_outside permit any any
access-list scan_outside in interface outside
Any thoughts on how to not filter these packets?
Shon
Network Administrator
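As an added example (not part of the original post, and not a Cisco tool), the following Python script shows the two things this thread turns on: reading the level-7 log lines to see which ports the auditor is probing, and the rule a scanner applies when it gets no reply. The syslog line format and message id are an assumption modelled loosely on PIX "TCP request discarded" messages, and the addresses, ports and port counts are constructed sample data. The verdict function encodes only what the post states: silence on a probed port is inconclusive, and an inconclusive scan is a fail.

```python
import re
from collections import Counter

# Constructed sample syslog lines, approximating the level-7 messages a PIX
# emits for TCP probes sent to its own outside interface and discarded.
# The message id and wording are an assumption for this example.
SAMPLE_LOG = """\
%PIX-7-710005: TCP request discarded from 203.0.113.10/40123 to outside:198.51.100.1/65534
%PIX-7-710005: TCP request discarded from 203.0.113.10/40124 to outside:198.51.100.1/5678
%PIX-7-710005: TCP request discarded from 203.0.113.10/40125 to outside:198.51.100.1/65534
"""

LINE_RE = re.compile(
    r"TCP request discarded from (?P<src>\S+)/(?P<sport>\d+) "
    r"to (?P<iface>\w+):(?P<dst>\S+)/(?P<dport>\d+)"
)


def probed_ports(log_text):
    """Tally (interface, destination port) for every discarded TCP request.

    This is what the poster did by eye on the terminal monitor: it answers
    "which ports is the auditor hitting on the firewall itself?"
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            counts[(m.group("iface"), int(m.group("dport")))] += 1
    return counts


def classify_port(response):
    """Map the reply to a SYN probe onto the state a scanner reports.

    SYN/ACK  -> open      (a listener answered)
    RST      -> closed    (the host answered, nothing listening)
    nothing  -> filtered  (silently dropped; the scanner cannot tell why)
    """
    return {"syn-ack": "open", "rst": "closed", None: "filtered"}[response]


def audit_verdict(port_states):
    """Apply the rule described in the post: any silent (filtered) port makes
    the scan inconclusive, and an inconclusive scan is recorded as a fail."""
    if any(state == "filtered" for state in port_states.values()):
        return "inconclusive"
    return "conclusive"


if __name__ == "__main__":
    hits = probed_ports(SAMPLE_LOG)
    print("ports probed on the outside interface:", dict(hits))
    # The PIX answered none of these probes, so every port reads as filtered.
    states = {port: classify_port(None) for (_, port) in hits}
    print("scanner view:", states)
    print("audit verdict:", audit_verdict(states))
```

Running it shows why the ACL attempts in the post cannot change the outcome on their own: an interface ACL governs traffic passing through the firewall, while these probes are addressed to the firewall, and a drop with no reply is always reported as "filtered" rather than "closed".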