Currently other IPSec VPN client has a secure way of protecting the host machine by doing basic FW.
Basically, the VPN client has intelligence if user is on corp network, VPN or home network (RFC 1918). It knows when to turn the FW ON or OFF.
Cisco has same kind of intelligence on the client but only when the tunnel is UP, CPP on CIC.
I would like to have the same kind of protection even when tunnel is down and have the client understand if it is on corp (tunnel is down but know it is a trusted network), VPN (tunnel is up and getting corp trusted IP) or home network (RFC 1918 - CPP/CIC in effect but tunnel is down, non-trusted network).
As much as possible I would like to see this FW functionality integrated on the VPN client or integrated CSA on VPN IPSec client with policy centrally configurable in ASA or PIX or Security Appliance.
Does Cisco have this client available instead of using a 3rd party FW client (FW, Zone Alarm, BlackICE, etc).
Thanks for reading my post and your feedback.