02-21-2004 07:16 AM - edited 03-09-2019 06:30 AM
I have the need for Remote Access clients using dial-up or VPN to have all files transferred while connected virus scanned before entering the main network. Here is my current layout:
Internet---PIX 515---RAS Server---2691 With ACLs---Network
The PIX protects the RAS server from unauthorized traffic, and the router protects the network from worms on infected dial-up and VPN clients. What I need is a box between the firewall and RAS server, or between the RAS server and router, to scan for viruses on all traffic. I was thinking of some type of Application Layer Gateway with virus scanning installed, but I have not had any luck finding one. The desire is to no longer worry whether the remote client has virus protection installed or not, yet not allow infected files into the main network.
Thanks for any input.
Dave
02-21-2004 11:51 AM
You may want to check out this later on this year.
http://newsroom.cisco.com/dlls/partners/news/2004/pr_prod_02-13.html
But for right now it appears that your traffic is flowing through your RAS server. Is this correct? If so, you can use a product like Symantec Antivirus for Gateway. This will scan all TCP traffic that passes through the server for viruses.
http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=142&EID=0
Most AV vendors have a similar product.
McAfee's offering:
http://www.nai.com/us/products/mcafee/antivirus/internet_gateway/category.htm
If your traffic is not passing through the RAS server, then you could set up a Windows box as an internal router that the VPN traffic has to pass through and set up the AV scanning on that box.
Please have a look at the Cisco Security Agent as well. This helps for "Day Zero" attacks when there are no virus definitions available.
http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns413/networking_solutions_package.html
Hope this helps.
Please remember to rate all replies.
http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html
02-21-2004 02:29 PM
Sorry, the diagram is a little deceitful: not all of the Internet traffic goes through the RAS server, just dial-up and VPN. It is an MS 2000 Server with Routing and Remote Access and Sophos installed. Even with real-time virus scanning enabled, it does not catch a virus that somebody may be copying up to a server on the inside. If the file is copied to the RAS server, it catches it. Our email, web browsing, and worm detection are very tight already; it is just that virus-infected files that may be copied from an infected host to the share server will not be caught until the nightly scan is done. There are performance issues when the real-time virus scan is enabled on the file-sharing servers.
Thanks for your reply.
02-21-2004 02:45 PM
Is adding an internal W2K server as an internal router out of the question? I don't think Cisco offers anything that can get this done at the moment.
02-21-2004 05:19 PM
Not at all, I'm quite sure I can do that.
Thanks