Enforcing stateful firewall on VPN Clients with ASA

Answered Question
Dec 17th, 2008
User Badges:

Hi,


I'm setting up a Cisco ASA to terminate remote VPN client connections but I want to ensure that the stateful firewall is enabled on the client.


I know that this is possible with the VPN Concentrator but can't see any documentation detailing this can be achieved on an ASA.


Anybody come across this?


Thanks,


James

I believe you can use the group policy settings to configure client firewall.

You can find more informations about this feature in the migration guide at http://www.cisco.com/en/US/docs/security/asa/asa72/vpn3000_upgrade/upgrade/guide/migrate.html.

Hope this help.

Andrea.


Step 1 Under the Configuration > VPN > General > Group Policy panel, select the group policy in the table and

click Edit. ASDM displays the Edit Group Policy dialog box.

Step 2 Click the Client Firewall tab. Figure 5-6 shows the client firewall options configured for this example:

• Inherit-unchecked (disabled)

• Firewall Setting-Firewall Required

• Firewall Type-Cisco Integrated Client Firewall

• Firewall Policy-Policy Pushed (CPP)

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer

I believe you can use the group policy settings to configure client firewall.

You can find more informations about this feature in the migration guide at http://www.cisco.com/en/US/docs/security/asa/asa72/vpn3000_upgrade/upgrade/guide/migrate.html.

Hope this help.

Andrea.


Step 1 Under the Configuration > VPN > General > Group Policy panel, select the group policy in the table and

click Edit. ASDM displays the Edit Group Policy dialog box.

Step 2 Click the Client Firewall tab. Figure 5-6 shows the client firewall options configured for this example:

• Inherit-unchecked (disabled)

• Firewall Setting-Firewall Required

• Firewall Type-Cisco Integrated Client Firewall

• Firewall Policy-Policy Pushed (CPP)

Actions

This Discussion