Guys, I need some help. One of our customers bought the CSA solution in order to protect and narrow Internet access when an employee is out of the office.
Here is the scenario: if an employee takes one of the company's laptops to his house/hotel/etc. and tries to access any Internet-based service (HTTP, HTTPS, P2P, FTP, Torrent, etc.), it is MANDATORY that this person establish a VPN connection; this way all content will be processed by the company's Proxy and Firewall. There isn't a split tunnel policy; otherwise all TCP/UDP streams should be BLOCKED.
I'm using the Roaming - Force VPN (action: Query the User, when: MC unreachable & Ethernet Active and NOT when: MC is reachable) and the Cisco VPN Client Rule Modules; there is no Temporary Allow Web Browser rule enabled. But I need some help with the parameters. What happens is that if the user answers yes (allow) to the Query message and does not have a VPN connection, he still manages to access the Internet, and that's not acceptable.
I need to BLOCK ALL UDP/TCP streams at first, ask the user if the VPN is established, check the status of the VPN connection and then, if the tunnel is UP, allow access; else block everything until the VPN is established.
Can you guys help me?
Thanks in advance!
Regards, Daniel Yamashita
PS: I'm using CSA MC v.126.96.36.1993 hot fix (fcs-csamc-hotfix-188.8.131.523-w2k3-k9.zip)