VPN and limiting internet access

JHyder000
Level 1

Hello all, I am very new to VPNs and firewalls, so please forgive my lack of terminology usage.

I am part of a company that has 20 internal PCs and 25 external sites (convenience stores) that are all now being placed on a VPN. We purchased an ASA 5510 for the office and we are placing Linksys RV042 routers at the stores. My question is that we have a few stores that need limited internet access, because we have Subway restaurants there and they need to download and upload at times. What I don't want is to allow full access to the net because of the chance of outside attacks or viruses.

My question is, what can be done to set the VPN in place but only allow certain access to web addresses that we say is alright to have communication with?

Is this possible and / or what else needs to be purchased?

I thank you in advance for any help you can advise on.

JJ

2 Replies

Collin Clark
VIP Alumni

What I would do is tunnel all traffic to your ASA, then use the ASA to perform URL filtering to control where they can web surf.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml

Hope this helps.

stephen.stack
Level 4

Hi,

You may have a few simple options. You probably won't be able to configure URL filtering on the Linksys boxes, and depending on the way you have configured your VPN, you may not be able to URL filter on the ASA either. If all traffic from the remote sites is traversing the VPN, then try this on the ASA.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

This uses regular expressions to filter HTTP traffic based on specified HTTP traffic patterns.

Alternatively, you could just block all HTTP outbound on the Linksys boxes and have a permit rule for the individual addresses you need to allow.

i.e.

permit http 1.1.2.2
permit http 63.72.52.32
deny http all

I hope you get the idea here. Obviously you need to get the addresses of the individual websites for the second option. Pinging them usually does it.

HTH (Please rate if it does)

Stephen

========================== http://www.rconfig.com A free, open source network device configuration management tool, customizable to your needs! - Always vote on an answer if you found it helpful
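An added example, not code from the thread or from Cisco: a small Python model of the "permit a few hosts, then deny all" pattern Stephen describes, using constructed placeholder addresses. It shows first-match evaluation, why a site that resolves to an address you have not listed is blocked, and how to catch rules that an earlier deny-all makes unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    dst: ipaddress.IPv4Network     # destination network (a /32 for a single host)
    port: Optional[int]            # None matches any destination port

def rule(action: str, cidr: str, port: Optional[int] = None) -> Rule:
    return Rule(action, ipaddress.ip_network(cidr), port)

# Constructed allowlist mirroring the reply's rules (addresses are placeholders,
# not real endpoints): two permitted hosts on HTTP, then deny all web traffic.
RULES: List[Rule] = [
    rule("permit", "1.1.2.2/32", 80),
    rule("permit", "63.72.52.32/32", 80),
    rule("deny", "0.0.0.0/0", 80),
]

def evaluate(rules: List[Rule], dst_ip: str, dst_port: int) -> Tuple[str, int]:
    """First-match lookup, as an ACL does it.

    Returns (action, index of matching rule); (-1) means no rule matched,
    which firewalls treat as an implicit deny.
    """
    ip = ipaddress.ip_address(dst_ip)
    for i, r in enumerate(rules):
        if ip in r.dst and (r.port is None or r.port == dst_port):
            return r.action, i
    return "deny", -1

def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never match because an earlier rule
    already covers their whole destination range and port.

    Putting 'deny all' above the permits is the classic ordering mistake;
    this check makes it visible before the config is pushed.
    """
    shadowed = []
    for i, r in enumerate(rules):
        for earlier in rules[:i]:
            if r.dst.subnet_of(earlier.dst) and (earlier.port is None or earlier.port == r.port):
                shadowed.append(i)
                break
    return shadowed
```

Note that `evaluate(RULES, "1.1.2.3", 80)` is denied even if that address belongs to the same site you pinged, which is the main weakness of allowlisting by IP: sites with several addresses or a CDN need every address listed, and the list must be rechecked when they change.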