03-03-2020 02:45 AM
Currently have an issue at the office, where the dev team (in Europe) needs to be able to work from home.
Now the company has a corporate VPN which we access via Cisco AnyConnect.
In Europe they can only access the corp network from the office, but at home only their laptops can access the corp network, since they carry AnyConnect, but they essentially need an AP to be able to test their set-top boxes, Apple TV boxes and so forth.
So I've connected a home router directly to the laptop and then started AnyConnect, which is fine, but once I try to share the hotspot from Windows the option isn't allowed.
Is this due to a policy from Cisco AnyConnect, and is there a workaround, as this is urgent?
Also, in London we have 2 firewall boxes which are the termination points for the AnyConnects. I was thinking maybe we should fire up another Cisco ASA firewall and create an IPsec that the users from Europe could get into, and once they have access they could share their connection over Wi-Fi as long as they were using an Ethernet connection.
Any suggestions or solutions?
Thanks
03-03-2020 03:38 AM - edited 03-03-2020 03:50 AM
Hello my friend,
I don't know if I understood your doubt, but let me try.
Do you need to connect your home users to your corp network using a VPN? Since it is only his own desktop/laptop, it works fine, right? But you also want to connect other devices like Apple TV and so on? Well, think of it this way: it is not a client-server VPN, it is a site-to-site VPN (can be IPsec), since there are other devices (sources) needing access to your corp network.
In this case I agree with you, using a firewall box to provide a secure connection with your corporate network.
03-03-2020 04:40 AM
Hi, thanks for your input. We ended up creating an IPsec and from there they were able to gain access to the corp network.
Thanks again
03-03-2020 03:48 AM
03-03-2020 04:24 AM
Hi,
You have two options here:
- use site-to-site tunnels, so deploy a VPN gateway in the remote locations; afterwards control which host can send what traffic through the tunnel
- use the Office Extended Access Point feature, which I think will be better in your use case (traffic is tunnelled to the HQ via DTLS, you have both WiFi and Wired, can control what can go through the DTLS tunnel, can have multiple SSIDs)
Regards,
Cristian Matei.