11-08-2022 04:40 AM
Hello everyone,
We have Cisco Catalyst switches and Cisco routers. I want to block VPN in my LAN network. How do I?
11-08-2022 04:44 AM - edited 11-08-2022 04:45 AM
@Faizi for an IPSec VPN you'd need to block ESP, UDP/500 and UDP/4500 - the best place for this would probably be on your router.
Example:
ip access-list extended BLOCK-VPN
 deny esp any any
 deny udp any any eq 500
 deny udp any any eq 4500
 permit ip any any
!
interface gigabitethernet 0/2
 description INSIDE Interface
 ip access-group BLOCK-VPN in
If you are referring to an SSL/TLS-VPN, that's slightly hard as that is using TCP/443 and UDP/443, which would block access to most websites that use TLS.
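The following is an added example, not part of the thread or of any poster's configuration: a small first-match evaluator run over the BLOCK-VPN entries from the post above, showing which flows the ACL drops and that SSL/TLS VPN traffic on port 443 still passes. The parser handles only the entry forms used in that ACL, and the sample flows are constructed.

```python
# Added example: first-match evaluation of the BLOCK-VPN ACL entries from the post.
# Assumption: only "action proto any any [eq port]" entries are supported.
ACL = """\
deny esp any any
deny udp any any eq 500
deny udp any any eq 4500
permit ip any any
"""

def parse_acl(text):
    """Turn each ACL line into an (action, protocol, port-or-None) tuple."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if len(tok) not in (4, 6) or tok[2:4] != ["any", "any"]:
            raise ValueError(f"unsupported entry: {line!r}")
        if len(tok) == 6 and tok[4] != "eq":
            raise ValueError(f"unsupported port operator: {line!r}")
        port = int(tok[5]) if len(tok) == 6 else None
        entries.append((tok[0], tok[1], port))
    return entries

def evaluate(entries, proto, dport=None):
    """Return the action of the first matching entry, as IOS does."""
    for action, acl_proto, port in entries:
        if acl_proto != "ip" and acl_proto != proto:
            continue  # "ip" matches every IP protocol
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # implicit deny that ends every IOS ACL

# Constructed sample flows: (label, IP protocol, destination port)
SAMPLES = [
    ("IKE key exchange", "udp", 500),
    ("IPsec NAT-T", "udp", 4500),
    ("ESP payload", "esp", None),
    ("HTTPS or SSL/TLS VPN over TCP/443", "tcp", 443),
    ("SSL/TLS VPN over UDP/443", "udp", 443),
    ("DNS", "udp", 53),
]

def run():
    entries = parse_acl(ACL)
    return {label: evaluate(entries, proto, port) for label, proto, port in SAMPLES}

if __name__ == "__main__":
    for label, verdict in run().items():
        print(f"{verdict:6} {label}")
```

Removing the final permit entry from ACL makes every sample return deny, because the implicit deny then catches everything the explicit entries do not match.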
11-08-2022 05:07 AM
Thank you, dear, but is an ASA firewall better than Cisco Umbrella?
11-08-2022 05:09 AM
@Faizi ASA is a firewall and Umbrella is primarily a DNS/Web filtering solution, but there is a cloud-based firewall.
Regardless, you said you had Cisco switches and routers, not ASA or Umbrella. If you had an ASA, then you could block VPNs using the ASA.
11-08-2022 04:56 AM
https://popravak.wordpress.com/2011/11/07/cisco-ios-vpn-filter/
Use VPN filter to exclude LAN from VPN
11-08-2022 05:06 AM
Thank you, dear, but is an ASA firewall better than Cisco Umbrella?
11-08-2022 05:53 AM
A firewall and Umbrella have some similarities, but they have different purposes. A firewall is meant to monitor and block traffic into and out of your network, in simple terms. Umbrella is how you filter what websites your users visit via DNS/web, as @Rob Ingram said. One is not better than the other; in fact, depending on your network, it would most likely be recommended to use both, or devices similar to both. If I am not mistaken, an NGFW could also act as a DNS/web filter, but it would not hurt to also use Umbrella. There are still some issues with sites that use SSL, like various 18+ websites, which become slightly harder to block.
11-08-2022 06:07 AM
Thank you dear