This scenario might not be possible, but maybe there's a workaround;
We are using Cisco Anyconnect to connect to company resources. We also have a second vpn-installation with added security for access to a second network on a different site, a 3rd party company that has their own installation. A limited number of our users needs to access this. First they establish the VPN. Then they access the portal of the second VPN (A Citrix SSL Extender VPN), and authenticates there. The second VPN tries to add some routes to the local routing table of the client but is not allowed, as the Cisco Anyconnect locks down the routing table.
I tried to enable split-tunneling, but that is no point as the second VPN is accessed thru the first vpn. Hence, there's no point in adding routes to the Anyconnect routing table as the traffic passes thru the secondary vpn.
Are there any ways to add a route to the local routing-table of the client? 'Route add...' doesn't work (as expected, since Cisco Anyconnect locks down the routing table).
The reason why we need both VPN's active is cause the users needs to access both our resources and the 3rd party resources at once. So we can't disconnect the company VPN and establish the 3rd party VPN. A site-to-site VPN would solve this, but the 3rd party is not keen on that due to their security policies.
Hi, My initial thoughts (like you) would be to use a Site-to-Site VPN from your network, permitting traffic from the remote access VPN network to the 3rd party.
Alternatively what about running some VMs in your network which the remote access users connect to and then establish the VPN to the 3rd Party? They'd still have access to your network from their native computer and the 3rd party from the VM.
The Site-to-Site VPN is the most elegant solution.
HIDoes anyone know if there is an easier way than the belowQ. I check connection events for IOC's when requested and sometimes i have to check many url's which i am presently doing one url at a time and is very time consuming, is there a way to check mult...
Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. ISE supports external MDM vendor integration to help the customers to look for compliance of a dev...
This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.
This is live on the portal:https://video.cisco.com/video/6159336218001
And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?