CSA with VPN Client and remote access

costin.vilcu
Level 1

Hi everyone!

I have the following issue: I have to tune CSA for a client that connects remotely with VPN Client only. He should not be able to connect to any other network, neither LAN nor dial-up.

Any idea of what policy I should modify or tune?

Thanks

1 Accepted Solution

You can create a network access rule which is dependent on a system state. The system state condition can be defined to have an address set which belongs to the VPN range and the network access rule would state that the client machine can only act as client/server on UDP/TCP ports when the system state is satisfied.

Hence, if the laptop isn't connected to the VPN, it wouldn't be able to act as a client/server for any connections at all and will be locked out. You would have to create an exception for the IP address of the VPN server at your corporate offices and allow those ports to be open from the CSA client.

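The decision logic of the accepted answer, modelled as an added example that is not part of the original thread and is not CSA policy syntax. The VPN range, the VPN server address and the ports are constructed placeholders, and the IPsec port choice is an assumption.

```python
"""Model of the state-dependent network access rule (not CSA syntax)."""
from ipaddress import ip_address, ip_network

# All values below are constructed placeholders, not taken from the thread.
VPN_RANGE = ip_network("10.8.0.0/24")             # address set handed to VPN clients
VPN_SERVER = ip_address("203.0.113.10")           # corporate VPN server
VPN_SERVER_PORTS = {("udp", 500), ("udp", 4500)}  # assumed IPsec IKE / NAT-T ports


def vpn_state_satisfied(local_addrs):
    """System state: true when any local interface holds a VPN-range address."""
    return any(ip_address(a) in VPN_RANGE for a in local_addrs)


def decide(local_addrs, peer, proto, port):
    """Return 'allow' or 'deny' for one connection attempt.

    The verdict is the same whether the host acts as client or as server.
    """
    proto = proto.lower()
    if proto not in ("tcp", "udp"):
        return "deny"                  # the rule only covers TCP/UDP
    if vpn_state_satisfied(local_addrs):
        return "allow"                 # tunnel up: the rule permits traffic
    # Tunnel down: only the exception that lets the tunnel be established.
    if ip_address(peer) == VPN_SERVER and (proto, port) in VPN_SERVER_PORTS:
        return "allow"
    return "deny"                      # LAN, dial-up, anything else


def evaluate(attempts):
    """Apply decide() to a list of (local_addrs, peer, proto, port) tuples."""
    return [decide(*a) for a in attempts]


# Constructed connection attempts: (local addresses, peer, protocol, port)
SAMPLE = [
    (["192.168.1.23"], "192.168.1.1", "tcp", 445),            # LAN, no tunnel
    (["192.168.1.23"], "203.0.113.10", "udp", 500),           # tunnel setup
    (["192.168.1.23"], "203.0.113.10", "tcp", 80),            # server, other port
    (["192.168.1.23", "10.8.0.17"], "10.1.2.3", "tcp", 443),  # tunnel up
    (["169.254.7.9"], "198.51.100.5", "udp", 53),             # other link, no tunnel
]

if __name__ == "__main__":
    for attempt, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(verdict, attempt)
```

The third sample is the case to check when tuning: without the tunnel, even the VPN server is reachable only on the ports named in the exception.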

6 Replies

tsteger1
Level 8

Probably a Network Access Control rule that allows addresses from the VPN to only access those resources which you desire. All ours come from a single address and we can restrict as necessary.

Tom S

Thanks tsteger1

But I don't think this will solve it: besides the client connecting with VPN Client to the main network, he shouldn't be able to connect to any network (LAN or dial-up) when the VPN client is off. I mean the only connection that he can make should be through VPN Client.

Thanks again,

costin

Thanks ciscors, that was the idea.

also thank you tsteger

great

please rate this post

thx

You're welcome. Sorry I didn't see your second question, I was on vacation!

Tom S