Hi All,
I have a requirement whereby my customer wants to lock down their laptops so that they can only access internal addresses. This is easy enough; however, when a user takes the laptop out of the office, the customer needs to allow the laptop sufficient access to enable them to connect to a wireless or wired POP, and then launch the VPN client to allow them to access the internal services.
So my idea was to create a state-based rule where, if the client can't see the MC, then they get temporary access to external IP addresses to allow them to connect to a POP, and also launch the VPN client. After a set time, all external access is removed to stop the user from accessing the internet.
I have read through this document (http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/secwlandg20/csa_mobile_secure.html#wp963193), which provides an overview of the connectivity I need, including detail of a 300-second timer which is invoked when the MC becomes unreachable, but it is unclear where to set this timer. Any ideas?
Does anyone have a suggested policy that will achieve what I have described above?
Thanks in advance