
Configuring 3005 for client firewall push

triad
Level 1

Let me begin by describing our configuration. We have the 3005 concentrator and the clients are connecting with Cisco's VPN Client version 3.6.3. Split tunneling is enabled. I wanted to configure a filter on the 3005 to push out to the clients. I understand that this firewall filter is only for traffic that is not tunneled. My question is what protocols/rules should I enable? I want the client computer to have the ability to do anything (http, ftp, telnet, etc.) while it is connected to the VPN concentrator. I just want to close any connection coming in. In the filter, should I allow everything going out but block everything coming in? Won't this have some effect on some programs that users might be using? What is the common config here?

Thanks for all your help.

2 Replies

kdurrett
Level 3

The rules that you pass down to the client only affect inbound connections to the client's PC. You cannot restrict outbound access from the client's PC. So the question is, what access is needed by someone to access that client's PC? Is it a web server or running some other type of service that's required from other devices? That is what you will base your rules on. Hope this helps.

Kurtis Durrett

e.l
Level 1

In my testing with CPP (client push policy), it does block all incoming traffic, both tunnelled and non-tunnelled. So make sure that you don't block the incoming encrypted traffic also.

Best Regards,
