Filter IPSec Access to Public Interface on Concentrator
We are using a concentrator for VPN access into the network. We have modified the public filter so that only certain IP addresses are allowed to access the concentrator. This filter is the default public filter on the public interface. This filter works great for L2TP/PPTP type connections, but does not block an IPSec connection. We have tried applying filters to the IPSec group itself, but I believe this filter is to restrict access to devices once connected. I have read that the public interface filter will only block non-encrypted connections, which would explain our scenario. Whether this is fact or not, what is the best way to restrict access to the public interface of the concentrator when the connection would be coming in IPSec? The customer is a large financial institution and would like this extra bit of security in case the connection information is compromised.
The public interface of the cvpn is in fact the VPN termination point, so I'm a bit confused about the objective "To restrict access to the public interface of the concentrator when the connection would be coming in IPSec".
The customer has concerns that if their IPSec group name and passwords were compromised that they could limit the users that were allowed to connect. So, in addition to supposedly being authorized to use the connection because they have the right credentials, they want to add an additional step of assurance that the connection is coming from a known source (host IP address). I realize this is a bit of overkill, but the request has been made and I am researching in hopes of either finding an answer, or letting them know that it is not possible and that it is time to move to RSA.