Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4071
Views
0
Helpful
2
Replies

Force Users To Connect To A VPN

pharring123
Level 1
Level 1

‎03-02-2011 06:32 AM

Our organization is using Windows XP Pro and the Cisco VPN Client version 5.0.4.0300.  Later this year we are looking to migrate to Windows 7.

Question 1

Part of our requirement for the migration to Windows 7 is to have all remote users connect via a secured VPN connection and not use the internet.  For example:  If a user connects to a hotel jack we want the VPN login to automatically appear before an network connection is established.  The user should only gain internet access if he/she sucessfully connects to the VPN.  Can I ensure this with the Cisco Client software or would I need an additional software application to ensure this?  If I require an addition software application could you all suggest a few?

Question 2

We also do not want a duel connection to occur.  For example we do not want a user to connect to the VPN via an ethernet cable and connect to the internet via a wireless connection.  To summarize, our organization does not wish to allow split tunneling and does not wish to allow a user to connect to the internet without already being logged into the VPN.  Can I ensure this with the Cisco Client software or would I need an additional software application to ensure this?  If I require an addition software application could you all suggest a few?

Labels:
0 Helpful
2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎03-02-2011 11:55 PM

Peter,

What you can use for question 1 is SBL + TND:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html#wp1059922

When not on corporate network start befor login module would be started.

For questions 2. This should be the case by default? The situation you describe you would like to prevent would require manual modification of routing table. Normally (at least with old Cisco VPN client) the client would discover modification of routing table and change it back (on windows, Linux etc work differently). Have you seen a different behavior in practice?

Marcin

0 Helpful

pharring123
Level 1
Level 1
In response to Marcin Latosiewicz

‎03-04-2011 05:13 AM

Thank you very much for getting back in touch with me.  We are reviewing the documentation for that and I think it sounds like what we were lo

oking for.

0 Helpful
Customers Also Viewed These Support Documents