12-12-2002 01:43 PM - edited 03-09-2019 01:23 AM
Let me begin by describing our configuration. We have the 3005 concentrator and the clients are connecting with Cisco's VPN Client version 3.6.3. Split tunneling is enabled. I wanted to configure a filter on the 3005 to push out to the clients. I understand that this firewall filter is only for traffic that is not tunneled. My question is what protocols/rules should I enable? I want the client computer to have the ability to do anything (http, ftp, telnet, etc.) while it is connected to the VPN concentrator. I just want to close any connection coming in. In the filter, should I allow everything going out but block everything coming in? Won't this have some effect on some programs that the user might be using? What is the common config here?
Thanks for all your help.
12-12-2002 01:48 PM
The rules that you pass down to the client only affect inbound connections to the client's PC. You cannot restrict outbound access from the client's PC. So the question is, what access is needed by someone to access that client's PC? Is it a web server or running some other type of service that's required from other devices? That is what you will base your rules on. Hope this helps.
Kurtis Durrett
12-23-2002 08:26 PM
In my testing with CPP (client push policy), it does block all incoming traffic, both tunnelled and non-tunnelled. So make sure that you don't block the incoming encrypted traffic also.
Best Regards,