
Remote access VPN

avilt
Level 3
What are the remote access VPN products available from Cisco right now?

What 2 factor authentication schemes can I implement? I have a working active directory.

If I enable SSL VPN, users can use a web browser to connect, allowing them to connect from anywhere. In such a case they will be able to download the files from any PC and transfer the files to a USB disk. These non-office PCs will not have any restrictions on USB storage usage. How can I address this issue?

Considering the above 2 factors, what is the right product for my office?

2 Accepted Solutions


Julio Carvajal
VIP Alumni

Hello,

The first thing that came into my mind was the Cisco Secure Desktop for the USB issue.

Can files be read from and saved to an external removable media (such as a USB flash drive, a CD, or external disk) from within CSD Vault?

A. Yes, files can be read from or saved to removable drives, if the setting Disable access to network drives and network folders is unchecked in the ASDM panel Configuration-Remote Access VPN-Secure Desktop Manager-Prelogin Policy-Secure Desktop (Vault) Settings.

By default, the data is encrypted and is not visible if the USB drive is removed. The saved files on the external media are removed once Secure Desktop Vault is terminated/uninstalled, if the Do not encrypt files on removable drives option is unchecked.

To be able to view the data in the files, you need to check the option Do not encrypt files on removable drives in the ASDM panel Configuration-Remote Access VPN-Secure Desktop Manager-Prelogin Policy-Secure Desktop (Vault) Settings.

So I would say AnyConnect with CSD is the way to go.

Regards

Remember to rate all the answers, that is as important as a thanks

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC


Hi,

In addition to Julio, I would like to add:

What are the remote access VPN products available from Cisco right now?

Cisco AnyConnect Secure Mobility Client Data Sheet

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.0

What 2 factor authentication schemes can I implement? I have a working active directory.

1- With AnyConnect, you could use:

    AAA + Certificate

AnyConnect Certificate Based Authentication.

I agree, for the USB security concern, CSD will help you out.

Keep us posted.

Portu.

Please rate any post you find useful.


8 Replies


Apart from certificates, what are the other means available to prevent the users from using non-office laptops to connect to VPN?

Hi Avilt,

To prevent access from specific machines and not users, CSD + HostScan is the ideal solution for you.

Advanced Endpoint Assessment is the best way to validate a user's machine and make sure it meets the requirements.

You could check for a specific registry key that only your corporate machines are supposed to have.

Please check this out:

Configuring Host Scan and the Posture Module

Let me know.

Portu.

An additional 2-factor auth that I personally like is the solution from www.duosecurity.com. If your users have smartphones, these can be used as a token, which is very comfortable for the users.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Nice link Karsten

fullseo954
Level 1

Hi, you make a good point about VPN ... I never thought of that. Now -- If any of you are struggling with vpn problem, then I recommend you check out VPN Trade. There is a thorough review on it here http://www.vpntrade.com I hope that helps some of you here at Cisco Forum!

Sal, are you spamming the forum lol. Come on now, that is not what users over here are looking for.