firewall feature on cisco vpn client 4.x and 5.x

Unanswered Question


I configure cisco vpn client ver 5.x on a xp machine and I see the "stateful Firewall (Always on)" under the option tab. If I have that option checked, does it mean the firewall always runs, even a vpn connection is not established?

do you suggest to check that box? Is there a firewall log that I can view?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mherald Tue, 10/16/2007 - 18:35
User Badges:

I run the 4.6 VPN client. I have run most Cisco VPN clients since ~ 3.x. The stateful firewall (Always on) (PS I hate that terminology), when checked means that the stateful firewall is always on, even if the VPN client isn't running.

By default, that means your desktop with the VPN client installed will not accept connections not associated with an outbound request. A fairly primitive, yet very functional firewall.

I suggest you leave that box checked unless you need to use that laptop/desktop for a server function (note helpdesk/various monitoring packages may need to contact that machine for various reasons).

If you modify the firewall via the VPN server, the rules will change for the client as well. This can keep users out of trouble in public / home Internet access areas.

There are logs, check under the log to determine/view where the logs may be.



This Discussion