The Site B firewall blocks many websites (hundreds of them, on totally different IPs) and other URLs which users in Site B need to access. The Site A firewall doesn't block any of these websites. So I'd like to set up a remote VPN (it has to be remote VPN for administrative reasons) through ASA or IOS.
My question for you is:
How do you manage the traffic? I can think of the following:
1. All the traffic going to the VPN gateway, which is the RA/ASA.
2. Split tunneling? Will it work? Since the user's traffic can hit the FW on Site B first, right? Is there any way to tell the user's computer how to route them? Individually it is impossible.
1- Indeed tunnelall is more secure, since you have full control. You can then define certain rules on the FW to restrict access to certain resources.
2- Split-tunneling, on the other hand, is useful as long as you know that the user is fully protected against viruses and malware, since by accessing bad sites on the Internet and internal resources at the same time, the user may spread malicious software.
Are you using AnyConnect or the VPN client?
With AnyConnect you could use CSD and HostScan, in addition to the Web Security Module.
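
The two options discussed in this thread, sketched as ASA group-policy configuration. This is an added example, not part of the original posts; the names RA_POLICY, SPLIT_ACL and VPN_POOL_NET, the interface name `outside`, and all addresses are assumptions chosen for illustration.

```text
! Constructed example: object names and addresses are placeholders.

! --- Option 1: tunnelall (all client traffic goes to the Site A ASA) ---
group-policy RA_POLICY internal
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelall
 dns-server value 10.10.0.53
!
! Internet-bound client traffic arrives on and leaves through the same
! interface, so hairpinning must be permitted and the VPN pool must be
! translated on its way back out.
same-security-traffic permit intra-interface
object network VPN_POOL_NET
 subnet 10.99.0.0 255.255.255.0
 nat (outside,outside) dynamic interface

! --- Option 2: split tunneling (only listed networks use the tunnel) ---
! Every destination that must reach Site A needs an entry in the list;
! everything else still leaves through the Site B firewall.
access-list SPLIT_ACL standard permit 10.10.0.0 255.255.0.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
```

With tunnelall, the firewall rules mentioned in the reply are applied at Site A to the translated client traffic, so that is where access restrictions and logging for remote users belong.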