Blocking IP addresses/subnets from accessing via the remote VPN.
I'll start with saying what I've currently got set up.
We currently have a SA 520 set up in a control center with 3 remote VPNs set up to external networks so that a Database in the control center can share data with the databases on the 3 external networks.
This works great and we can now access the network from any external source (if they have a username and password) using the Shrew remote VPN.
The query I have is what would happen if someone tried to access the network via remote VPN when they are on a subnet the same as one of the subnets currently used by one of the 3 external networks? Would this cause problems, and if so, how can I block those subnets from being used by people using the remote VPN?
The internal network at the control center is 192.168.106.0/24 and 1 of the external sites that the VPN has a link to is 192.168.100.0/24. So basically, what would happen if I was sat at home on a laptop configured as 192.168.100.4, for example, and tried to remote VPN to the internal network? Would it fail, or would it interfere/clash with the current VPN (this is the one thing I must prevent), and if so, how can I prevent it?
Any help with this would be great, folks, and much appreciated.
If you are using split tunnel and pushing the 192.168.100.x/24 network, the end user will not be able to access the remote network, as 192.168.100.x is a directly connected network. If you do a full tunnel, where everything is going via the VPN tunnel, then this would not be a problem. The case you are talking about is an overlapping network, and it happens sometimes. So, to avoid the problem, make sure that the end user's network is not from the same range as that of your 3 external networks.
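The split-tunnel case from the answer above, as an added example that is not part of the original thread: a check of whether a remote client's own LAN overlaps a network pushed over the VPN, and which way traffic to a given destination would leave the client. The two ranges come from the question; the labels, function names and the simplified routing model (longest prefix wins, a tie goes to the directly connected LAN) are assumptions made for illustration.

```python
import ipaddress

# Networks pushed to the remote client in split-tunnel mode. Both ranges are
# the ones quoted in the thread; the labels are made up for this example.
VPN_NETWORKS = {
    "control-center": ipaddress.ip_network("192.168.106.0/24"),
    "external-site": ipaddress.ip_network("192.168.100.0/24"),
}


def client_lan(client_ip, prefix_len):
    """Network the client's own interface sits on, e.g. 192.168.100.0/24."""
    return ipaddress.ip_interface(f"{client_ip}/{prefix_len}").network


def overlapping_networks(client_ip, prefix_len, vpn_networks=VPN_NETWORKS):
    """Labels of VPN-side networks whose range overlaps the client's LAN."""
    lan = client_lan(client_ip, prefix_len)
    return sorted(n for n, net in vpn_networks.items() if lan.overlaps(net))


def split_tunnel_path(client_ip, prefix_len, destination,
                      vpn_networks=VPN_NETWORKS):
    """Which way a packet to `destination` leaves the client.

    Simplified model (assumption): longest prefix wins, and on a tie the
    directly connected LAN wins, which is the behaviour the answer describes.
    Returns "local-lan", "vpn" or "default-gateway".
    """
    dest = ipaddress.ip_address(destination)
    lan = client_lan(client_ip, prefix_len)
    pushed = [net for net in vpn_networks.values() if dest in net]
    best_vpn = max((net.prefixlen for net in pushed), default=-1)
    if dest in lan and lan.prefixlen >= best_vpn:
        return "local-lan"
    return "vpn" if pushed else "default-gateway"


if __name__ == "__main__":
    # Constructed cases: the laptop from the question, then a non-overlapping one.
    for ip in ("192.168.100.4", "192.168.1.4"):
        print(ip, "overlaps:", overlapping_networks(ip, 24))
        for dst in ("192.168.100.20", "192.168.106.10"):
            print("  ->", dst, "via", split_tunnel_path(ip, 24, dst))
```

In this model the overlap affects only the client that has it: its traffic for 192.168.100.x stays on its own LAN, while traffic for 192.168.106.x still goes into the tunnel.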