I have a pair of Cisco A5520 Firewalls running in HA Active Passive mode.
In the firewall, I have configured Remote Access VPN, allowing my users to VPN to the firewall and access servers inside the internal network.
If I were to purchase the ASA Content Security SSM-10, will it protect my internal servers from viruses on VPN users' laptops, if a user's laptop is affected by a virus?
Split tunneling is disabled when users log in to the VPN. If I were to implement the SSM-10, will I be able to block certain URLs that I don't want my users to access?
I understand that VPN traffic is encrypted, such that the nature of the traffic cannot be determined. Encryption should stop at the firewall and further traffic should not be encrypted. Will this unencrypted traffic be scanned by the CSC SSM-10?
This setup is different from the normal deployment of CSC SSM, where users are behind the ASA Firewall. In this case, users are outside the firewall and their traffic is VPN traffic to internal servers.