Problem with VPN client software users

sajedehmad
Level 1

Dear support team,

The problem is that I don't want the users in my wireless LAN to get access to certain URLs. For this I am using a Websense URL filter in conjunction with my ASA firewall and IPS. The problem is that some of the users in my wireless LAN are using VPN client software on their individual laptops and accessing the URLs which I don't want them to access. Because the traffic initiated from their laptops is itself encrypted, the Websense filter, the IPS and the firewall are NOT able to detect it and stop the incoming and outgoing traffic. How do I overcome this problem?

The possible solution I thought of is this: I can just block connections on the inside interface of the ASA (by putting an ACL to not allow traffic from any to any udp 500) so the user will not be able to make the VPN tunnel from the laptop.

But when I do this, all the legitimate VPN connections will also be denied, and the SSL connections/HTTPS traffic will also not work. And this option won't work if the users want to access the corporate network using the VPN client.

Another query I have is this: suppose I have about 10-15 employees accessing my corporate network at a time through VPN client software on their laptops, and suppose one of the employees has evil intentions and wants to send an encrypted .exe file to some critical server on the DMZ or on the inside of the network through the VPN tunnel he has already formed. I guess his .exe file will go undetected, and also I won't be able to find out the culprit among the many remote users. No?

Regards.

Please do help me. Thanks in advance.


manasjai
Cisco Employee

Hi Mohammed,

Could you share the sh tech of the ASA? Please specify the tunnel group you are using as well as the interface on which these users are located.

Are you using split tunneling for the VPN users?

Cheers...

Manasi!!!
