Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
191
Views
0
Helpful
1
Replies

Remote Worker VPN configuration

Greg Dickinson
Level 1
Level 1

‎02-09-2016 10:27 PM

Hi everyone,

I've got what I consider to be an interesting problem and want to see if someone else has run across this and might have some feedback.

We have a number of "work at home" users, actually around 15% of our total workforce all told.  For our users that need a corporate phone number we provide them a low-end router (an 871) and a 7942 handset along with their workstation, and set up a VPN tunnel between our router and the ASA 5520 back at the datacenter.  Right now we are using the default "dynamic" crypto-map, since these are on home internet connections that for the most part don't have static IP addresses.  

The issue arises when one of these users leaves the company, especially if it's "not voluntary", shall we say :)  We would like to be able to terminate their VPN tunnel without killing *all* the connections.  Right now since they're all using the "default" crypto-map this isn't possible.  Is there a configuration that would allow me to uniquely identify a specific tunnel and block it from connecting?

Labels:
0 Helpful
1 Reply 1

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-09-2016 11:01 PM

You could use EasyVPN.  The ASA would be the server, and the 871s would be the clients.

Authenticated each client using a username and password.  You can use a local username/password on the ASA, or a RADIUS server.

Either way when the person leaves delete/disable the account.

Another option is to enable the ASA certificate server.  Issue a certificate to each remote device, and use RSA/certificate authentication.  If a person leaves then revoke the certificate on the ASA.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents