Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
0
Helpful
1
Replies

remote vpn design recommendation, plz

hanwucisco
Level 1
Level 1

‎10-11-2012 02:38 PM

Please see the attach topo,

Site B Firewall blocks many webs(hundreds of them, on totally different IPs) other url, which users in Site B need to access them. Site A firewall doesn’t block any of the webs. So I’d like to setup a remote VPN(it has to Remote VPN for administrative reasons) through ASA or IOS.

Question for you is:

How do you manage the traffic? I can think the following,

  • •1.      All the traffic going to VPN gateway, which is RA/ASA.
  • •2.      Split tunneling? Will it work? Since the user’s traffic can hit FW on site B first, right? Is it any way that tell the user computer how to route them? Indivually it is impassible.

Thanks,

Han

Labels:
Preview file
16 KB
0 Helpful
1 Reply 1

Javier Portuguez
Level 9
Level 9

‎10-11-2012 05:07 PM

Hi Han,

1- Indeed tunnelall is more secure, since you have full control. You can then define certain rules on the FW to restrict access to the certain resources.

2- Split-tunneling on the other hand is useful as long as you know that the user is fully protected against virus and malware, since by accessing bad sites on the Internet and at the same time internal resouces, the user may spread out the malicious software.

Are you using AnyConnect or the VPN client?

With AnyConnect you could use CSD and HostScan, in addition with the Web Security Module.

Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.0

Let me know.

Portu.

Please rate any helpful posts

0 Helpful
Customers Also Viewed These Support Documents