cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
348
Views
0
Helpful
1
Replies
hanwucisco
Beginner

remote vpn design recommendation, plz

Please see the attach topo,

Site B Firewall blocks many webs(hundreds of them, on totally different IPs) other url, which users in Site B need to access them. Site A firewall doesn’t block any of the webs. So I’d like to setup a remote VPN(it has to Remote VPN for administrative reasons) through ASA or IOS.

Question for you is:

How do you manage the traffic? I can think the following,

  • •1.      All the traffic going to VPN gateway, which is RA/ASA.
  • •2.      Split tunneling? Will it work? Since the user’s traffic can hit FW on site B first, right? Is it any way that tell the user computer how to route them? Indivually it is impassible.

Thanks,

Han

1 REPLY 1

Hi Han,

1- Indeed tunnelall is more secure, since you have full control. You can then define certain rules on the FW to restrict access to the certain resources.

2- Split-tunneling on the other hand is useful as long as you know that the user is fully protected against virus and malware, since by accessing bad sites on the Internet and at the same time internal resouces, the user may spread out the malicious software.

Are you using AnyConnect or the VPN client?

With AnyConnect you could use CSD and HostScan, in addition with the Web Security Module.

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.0

Let me know.

Portu.

Please rate any helpful posts

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (50%)

Content for Community-Ad