cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

277
Views
0
Helpful
1
Replies
Highlighted
Beginner

remote vpn design recommendation, plz

Please see the attach topo,

Site B Firewall blocks many webs(hundreds of them, on totally different IPs) other url, which users in Site B need to access them. Site A firewall doesn’t block any of the webs. So I’d like to setup a remote VPN(it has to Remote VPN for administrative reasons) through ASA or IOS.

Question for you is:

How do you manage the traffic? I can think the following,

  • •1.      All the traffic going to VPN gateway, which is RA/ASA.
  • •2.      Split tunneling? Will it work? Since the user’s traffic can hit FW on site B first, right? Is it any way that tell the user computer how to route them? Indivually it is impassible.

Thanks,

Han

Everyone's tags (5)
1 REPLY 1

remote vpn design recommendation, plz

Hi Han,

1- Indeed tunnelall is more secure, since you have full control. You can then define certain rules on the FW to restrict access to the certain resources.

2- Split-tunneling on the other hand is useful as long as you know that the user is fully protected against virus and malware, since by accessing bad sites on the Internet and at the same time internal resouces, the user may spread out the malicious software.

Are you using AnyConnect or the VPN client?

With AnyConnect you could use CSD and HostScan, in addition with the Web Security Module.

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.0

Let me know.

Portu.

Please rate any helpful posts

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here