04-07-2010 11:09 AM
Hi All,
There are some users allowed to connect via VPN using the Cisco VPN client.
We've seen some users connecting with different clients for example: http://www.shrew.net/download/vpn
I just tried it myself.
Just download the client, import the PCF and connect to the ASA.
The question is...
The only way to prevent the VPN users from connecting with any client besides the Cisco VPN client is by setting the client-type allowed for VPN on the ASA?
The fact that anybody with a VPN profile can use another client to connect does not impose any security risks?
Federico.
Solved! Go to Solution.
04-08-2010 08:28 PM
Shouldn't be a problem as it will use the same IPSEC protocols to encrypt/decrypt the packet. One possiblity is if it doesn't comply 100% with the standard, it can could potentially cause adverse behaviour on the ASA.
04-08-2010 03:28 AM
Absolutely correct. You can use the "client-access-rule" to only allow cisco vpn client to connect, and you can also specify the version of cisco vpn client that is allowed to connect.
Here is the command for your reference:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c4.html#wp2118499
04-08-2010 06:54 AM
Thank you, I can do that...
Do you think there's any security risk involved in using another VPN client (besides the Cisco client) to connect to the ASA?
It uses the same IPsec protocols, but it's an open source VPN program.
Federico.
04-08-2010 08:28 PM
Shouldn't be a problem as it will use the same IPSEC protocols to encrypt/decrypt the packet. One possiblity is if it doesn't comply 100% with the standard, it can could potentially cause adverse behaviour on the ASA.
04-09-2010 07:20 PM
Thank you my friend.
Federico.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide