IPSEC Client FW

khaled.ahmed
Level 1

Hi,

I'm configuring an IPSEC client VPN on an ASA5520 and want to require a personal firewall on remote workstations. The list of personal FWs does not include the Windows FW. Do you know if this was not added for a security reason? And if I need to add it as a custom FW, the ASA is requesting a vendor ID and product ID as well; do you know what the best way to find this information is?

Thanks,

Khaled

2 Replies

sachinraja
Level 9

Khaled,

Cisco only supports the list of personal firewalls depicted on the ASA now. Not really sure when Windows will get added. But you can personalise the protocols which the user can access through filters, and you can apply them to the user profile, so that the user does not access anything else. This is the best way of doing this. This is just an access-list which will allow or disallow TCP/UDP ports for the user.

Hope this helps.. all the best

Raj

Thank you very much Raj for the quick response. What I'm trying to do here is allow remote users to access the Internet while connected to the internal network through the IPSEC client VPN, but make sure that their workstations are protected from the Internet. I don't want to tunnel everything, but I have Split-Tunneling already configured to tunnel private traffic through the VPN.

One thing I thought of is using the CPP feature and configuring an ACL to permit all outbound traffic but deny all inbound to these users.

Do you think this is a good option or do you recommend something else?

Thanks,

Khaled