Quick question guys - how can I assure security when using a client VPN connection from within my network to an external company's network? I understand that creating a site-to-site connection would be best - however, if I were to use a client VPN connection, then how can I stop users on the remote company's subnet browsing my network via the virtual VPN connection?
Hi Michael - thanks for your reply. However, my question really is this: when the client VPN establishes a connection to a remote site, there are two active connections opened on that PC - the local connection and a virtual connection - and this sort of bridges the two networks together. What I would like to know is how the security of our network could be compromised, as the virtual VPN connection to the remote subnet would allow all packets back to the originating host due to the VPN. What's to stop a hacker at the remote end dropping a script onto the VPN PC from the remote site that would allow malicious traffic to jump the virtual connection to the physical subnet? Does this make sense?
If you look at the Transport tab of the Connection Properties, you will see a checkbox for a feature called "Allow Local LAN Access". The help file suggests leaving this "unchecked" provides the protection you are seeking.
The Options menu also provides access to a Stateful Firewall.
When you say "sort of bridges the two networks together", are you suggesting that packets are freely forwarded from one interface to the other? If so, I don't agree. I don't think the host will do this without a routing function installed, or being compromised.
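The reply above turns on whether the VPN PC has a routing function installed. As an added example (not part of the thread), the following PowerShell audit checks a client host for the settings that would let it forward packets between its LAN adapter and the VPN virtual adapter. It assumes a Windows host with the NetTCPIP module (Windows 8 / Server 2012 or later); the function name is hypothetical, and it does not detect a compromised host.

```powershell
# Added example: audit a Windows VPN client host for a routing function.
# Assumption: Windows 8 / Server 2012 or later (Get-NetIPInterface available).

function Get-ForwardingFindings {
    $findings = @()

    # 1. Per-interface forwarding. This is Disabled by default on a workstation.
    $fwd = Get-NetIPInterface | Where-Object { $_.Forwarding -eq 'Enabled' }
    foreach ($i in $fwd) {
        $findings += "Forwarding enabled on '$($i.InterfaceAlias)' ($($i.AddressFamily))"
    }

    # 2. Global IPv4 router switch in the TCP/IP stack parameters.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $val = (Get-ItemProperty -Path $key -Name IPEnableRouter -ErrorAction SilentlyContinue).IPEnableRouter
    if ($val -eq 1) {
        $findings += 'IPEnableRouter = 1 (host routes IPv4 between interfaces)'
    }

    # 3. Services that add a routing or NAT function:
    #    Routing and Remote Access, and Internet Connection Sharing.
    foreach ($name in 'RemoteAccess', 'SharedAccess') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -eq 'Running') {
            $findings += "Service '$name' ($($svc.DisplayName)) is running"
        }
    }

    return $findings
}

$result = Get-ForwardingFindings
if ($result) {
    $result | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No routing function found on this host.'
}
```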