cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1146
Views
10
Helpful
8
Replies

ramote access VPN

avilt
Level 3
Level 3
What are the remote access VPN products available from Cisco right now?

What 2 factor authentication schemes can I implement? I have a working active directory.

If I enable ssl vpn, users can use web browser to connect, allowing them to connect from anywhere. In such a case they will be able to downlaod the files from any pc and transfer the files to USB disk. These non-office PC's will not have any restrictions on USB storage usage. How can I address this issue?

Considering the above 2 factors, what is the right product for my office?

2 Accepted Solutions

Accepted Solutions

Julio Carvajal
VIP Alumni
VIP Alumni

Hello,

The first thing that came into my mind was the Cisco Secure Desktop for the USB issue.

Can files be read from and saved to an external removable media (such as a USB flash drive, a CD, or external disk) from within CSD Vault?

A. Yes , files can be read from or saved to removable drives, if  the setting  Disable access to network drives and network folders is  unchecked in ASDM panel Configuration-Remote Access VPN-Secure Desktop Manager-Prelogin Policy-Secure Desktop (Vault) Settings .

By default, the data is encrypted and is not visible if the USB drive is removed. The saved files on the external media are removed once Secure Desktop Vault is terminated/uninstalled, if the Do not encrypt files on removable drives option is unchecked.

To be able to view the data in the files,  you need to check the option Do not encrypt files on removable drives in the ASDM panel Configuration-Remote Access VPN-Secure Desktop Manager-Prelogin Policy-Secure Desktop (Vault) Settings .

So I would say Annyconect with CSD is they way to go

Regards

Remember to rate all the answers, that is as important as a thanks

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Hi,

In addition to Julio, I would like to add:

What are the remote access VPN products available from Cisco right now?

Cisco AnyConnect Secure Mobility Client Data Sheet

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.0

What 2 factor authentication schemes can I implement? I have a working active directory.

1- With AnyConnect, you could use:

    AAA + Certificate

AnyConnect Certificate Based Authentication.

I agree, for the USB security concern, CSD will help you out.

Keep us posted.

Portu.

Please rate any post you find useful.

View solution in original post

8 Replies 8

Julio Carvajal
VIP Alumni
VIP Alumni

Hello,

The first thing that came into my mind was the Cisco Secure Desktop for the USB issue.

Can files be read from and saved to an external removable media (such as a USB flash drive, a CD, or external disk) from within CSD Vault?

A. Yes , files can be read from or saved to removable drives, if  the setting  Disable access to network drives and network folders is  unchecked in ASDM panel Configuration-Remote Access VPN-Secure Desktop Manager-Prelogin Policy-Secure Desktop (Vault) Settings .

By default, the data is encrypted and is not visible if the USB drive is removed. The saved files on the external media are removed once Secure Desktop Vault is terminated/uninstalled, if the Do not encrypt files on removable drives option is unchecked.

To be able to view the data in the files,  you need to check the option Do not encrypt files on removable drives in the ASDM panel Configuration-Remote Access VPN-Secure Desktop Manager-Prelogin Policy-Secure Desktop (Vault) Settings .

So I would say Annyconect with CSD is they way to go

Regards

Remember to rate all the answers, that is as important as a thanks

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

In addition to Julio, I would like to add:

What are the remote access VPN products available from Cisco right now?

Cisco AnyConnect Secure Mobility Client Data Sheet

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.0

What 2 factor authentication schemes can I implement? I have a working active directory.

1- With AnyConnect, you could use:

    AAA + Certificate

AnyConnect Certificate Based Authentication.

I agree, for the USB security concern, CSD will help you out.

Keep us posted.

Portu.

Please rate any post you find useful.

Apart from certificates, what are the other means available to prevent the users from using non-office laptops to connect to VPN?

Hi Avilt,

To prevent access from specific machines and not users, CSD + HostScan is the ideal solution for you.

Advance Endpoint Assesment is the best way to validate a user's machine and make sure it meets the requirements.

You could check for a specific registry-key,  that only your Corporate machines are supposed to have.

Please check this out:

Configuring Host Scan and the Posture Module

Let me know.

Portu.

An additional 2-factor Auth that I presonally like is the solution from www.duosecurity.com. If your users have smartphones, these can be used as a token which is very comfortable for the users.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Nice link Karsten

fullseo954
Level 1
Level 1

Hi, you make a good point about VPN ... I never thought of that. Now -- If any of you are struggling with vpn problem, then I recommend you check out VPN Trade. There is a thorough review on ithere http://www.vpntrade.com I hope that helps some of you here at Cisco Forum!

Sal are you spamming the forum lol.  Come on now that is not what users over here looking for.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: