topic Re: Secure communication between 2 Solaris Via PIX in Network Security

Secure communication between 2 Solaris Via PIX

srowles — Fri, 21 Feb 2020 07:42:29 GMT

I have a scenario where I have 2 Solaris boxes (one on the inside and one on the outside) attached to a PIX. I am looking to secure a portion of traffic between the two Solaris machines irrespective of which one initiates the connection and without manual intervention.

I have been looking at the Cisco VPN client for this but it looks like this will not be a very elegant solution as firstly the "Auto-Initialisation" feature does not work with the Solaris client and also the Solaris machines would both in effect be initiators of VPN tunnels and also terminators (at times I would require that the PIX initiates a VPN connection to the VPN client as a result of traffic destined for the client. I’m pretty sure I can’t do this).

Any suggestions would be appreciated. Thanks in advance.

Re: Secure communication between 2 Solaris Via PIX

Patrick Iseli — Wed, 27 Oct 2004 11:43:44 GMT

How about SSH tunnel from the outside to the inside. Both SUN boxes have ssh implemented and could even use the port forwarding feature to tunnel other protocols. And finaly should not forget all scripting features that could be used.

SSH-Public = NAT address, public IP, of inside SUN Host

PIX(config)# access-list acl-outside permit tcp host SunOutsideHost host SSH-Public eq 22

PIX(config)# access-group acl-outside in interface outside

static (inside,outside) SSH-Public SSH-LAN netmask 255.255.255.255 0 0

Check the SUN Whitepapers for the SSH implementation:

Configure SSH

http://www.sun.com/bigadmin/features/articles/sec_shell_1.html

Deployment and Installation

http://www.sun.com/blueprints/0701/openSSH.pdf

sincerely

Patrick

Re: Secure communication between 2 Solaris Via PIX

srowles — Wed, 27 Oct 2004 13:57:10 GMT

Hi Patrick

Thanks for the information. It has certainly given me something to think about. I am now also looking at the possibility of a GRE tunnel as my problem is not specifically one of security but more of a solution to avoid opening many ports on a firewall. I´m therefore looking for a suitable tunneling solution. Unfortunately I´m not a Unix person at all and I am trying to help someone else out with this problem from the perspective of being a Cisco bod.

Re: Secure communication between 2 Solaris Via PIX

Patrick Iseli — Wed, 27 Oct 2004 17:44:16 GMT

SSH uses a encrypted tunnel as GRE !

SSH support xDES, AES, blowfish .....

sincerely

Patrick