Site B's firewall blocks many websites (hundreds of them, on totally different IPs) and other URLs, which users in Site B need to access. Site A's firewall doesn't block any of the websites. So I'd like to set up a remote VPN (it has to be a remote VPN for administrative reasons) through ASA or IOS.
My question for you is:
How do you manage the traffic? I can think of the following:
1. All the traffic goes to the VPN gateway, which is RA/ASA.
2. Split tunneling? Will it work? Since the user's traffic can hit the FW on Site B first, right? Is there any way to tell the user's computer how to route them? Individually it is impossible.
1- Indeed, tunnelall is more secure, since you have full control. You can then define certain rules on the FW to restrict access to certain resources.
2- Split-tunneling, on the other hand, is useful as long as you know that the user is fully protected against viruses and malware, since by accessing bad sites on the Internet and at the same time internal resources, the user may spread the malicious software.
Are you using AnyConnect or the VPN client?
With AnyConnect you could use CSD and HostScan, in addition to the Web Security Module.
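
The two policies compared in the answer above, as an added ASA configuration example (not part of the original thread and not taken from either site's configuration). The group-policy, pool, object and ACL names, all addresses and the interface name `outside` are assumptions, and the NAT syntax is that of ASA 8.3 or later.

```cisco
! Assumed address pool handed to remote-access clients
ip local pool RA-POOL 10.10.50.1-10.10.50.254 mask 255.255.255.0

! --- Option 1: tunnelall -------------------------------------------
! Every packet from the client enters the tunnel, so the ASA sees and
! can filter all of it. Internet-bound traffic arrives on "outside"
! and must leave on "outside" again, which needs the two items below.
same-security-traffic permit intra-interface

object network RA-POOL-NET
 subnet 10.10.50.0 255.255.255.0
 nat (outside,outside) dynamic interface

group-policy RA-TUNNELALL internal
group-policy RA-TUNNELALL attributes
 split-tunnel-policy tunnelall
 ! Assumed internal resolver, so name lookups also go through the tunnel
 dns-server value 192.0.2.53

! --- Option 2: split tunnel ----------------------------------------
! Only the networks in the ACL are routed into the tunnel. Everything
! else leaves through the client's local gateway, unseen by the ASA,
! and hundreds of unrelated destination IPs would each need an entry.
access-list RA-SPLIT standard permit 192.168.10.0 255.255.255.0

group-policy RA-SPLIT internal
group-policy RA-SPLIT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA-SPLIT
```

On a connected client, the route table shows which policy is in effect: a default route via the VPN adapter under tunnelall, or only the ACL's networks under the split-tunnel policy.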