Beginner

Remote access VPN

What are the remote access VPN products available from Cisco right now?

What 2 factor authentication schemes can I implement? I have a working active directory.

If I enable SSL VPN, users can use a web browser to connect, allowing them to connect from anywhere. In such a case they will be able to download the files from any PC and transfer the files to a USB disk. These non-office PCs will not have any restrictions on USB storage usage. How can I address this issue?

Considering the above 2 factors, what is the right product for my office?

Accepted Solutions

Remote access VPN

Hello,

The first thing that came into my mind was the Cisco Secure Desktop for the USB issue.

Can files be read from and saved to an external removable media (such as a USB flash drive, a CD, or external disk) from within CSD Vault?

A. Yes, files can be read from or saved to removable drives if the setting "Disable access to network drives and network folders" is unchecked in the ASDM panel Configuration > Remote Access VPN > Secure Desktop Manager > Prelogin Policy > Secure Desktop (Vault) Settings.

By default, the data is encrypted and is not visible if the USB drive is removed. The saved files on the external media are removed once Secure Desktop Vault is terminated/uninstalled, if the Do not encrypt files on removable drives option is unchecked.

To be able to view the data in the files, you need to check the option "Do not encrypt files on removable drives" in the ASDM panel Configuration > Remote Access VPN > Secure Desktop Manager > Prelogin Policy > Secure Desktop (Vault) Settings.

So I would say AnyConnect with CSD is the way to go.

Regards

Remember to rate all the answers, that is as important as a thanks

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC


Re: Remote access VPN

Hi,

In addition to Julio, I would like to add:

What are the remote access VPN products available from Cisco right now?

Cisco AnyConnect Secure Mobility Client Data Sheet

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.0

What 2 factor authentication schemes can I implement? I have a working active directory.

1- With AnyConnect, you could use:

    AAA + Certificate

AnyConnect Certificate Based Authentication.

I agree, for the USB security concern, CSD will help you out.

Keep us posted.

Portu.

Please rate any post you find useful.

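The "AAA + Certificate" combination named in the reply above, sketched as an ASA configuration with Active Directory as the AAA factor (an added example, not part of the original post or of Cisco's documentation). The names AD-LDAP, CORP-CA and RA-VPN, the 192.0.2.10 address and the example.com DNs are placeholders, and command availability varies by ASA release.

```text
! Constructed example: all names, addresses and DNs are placeholders.
! Factor 1 (AAA): Active Directory reached over LDAPS.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=example,DC=com
 ldap-login-password <bind-password>
 ldap-over-ssl enable
 server-type microsoft
!
! Factor 2 (certificate): trustpoint for the CA that issues client
! certificates. The CA certificate itself is imported separately with
! "crypto ca authenticate CORP-CA".
crypto ca trustpoint CORP-CA
 enrollment terminal
 revocation-check crl
!
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group AD-LDAP
tunnel-group RA-VPN webvpn-attributes
 ! Weak setting (AD password alone), shown for contrast:
 !  authentication aaa
 ! Corrected setting: AD password AND a client certificate from CORP-CA.
 authentication aaa certificate
 group-alias RA-VPN enable
```

With `revocation-check crl` set, a certificate revoked by the CA stops working at the next CRL refresh even if the user's AD password is still valid.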


Beginner

Remote access VPN

Apart from certificates, what are the other means available to prevent the users from using non-office laptops to connect to VPN?

Remote access VPN

Hi Avilt,

To prevent access from specific machines and not users, CSD + HostScan is the ideal solution for you.

Advanced Endpoint Assessment is the best way to validate a user's machine and make sure it meets the requirements.

You could check for a specific registry key that only your corporate machines are supposed to have.

Please check this out:

Configuring Host Scan and the Posture Module

Let me know.

Portu.

VIP Mentor

Remote access VPN

An additional 2-factor auth that I personally like is the solution from www.duosecurity.com. If your users have smartphones, these can be used as a token, which is very comfortable for the users.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Remote access VPN

Nice link Karsten

Beginner

Remote access VPN

Hi, you make a good point about VPN ... I never thought of that. Now, if any of you are struggling with a VPN problem, then I recommend you check out VPN Trade. There is a thorough review on it here: http://www.vpntrade.com I hope that helps some of you here at Cisco Forum!

Frequent Contributor

Remote access VPN

Sal, are you spamming the forum lol. Come on now, that is not what users over here are looking for.