Cisco Support Community
New Member

Configuring 3005 for client firewall push

Let me begin by describing our configuration. We have the 3005 concentrator and the clients are connecting with Cisco's VPN Client version 3.6.3. Split tunneling is enabled. I wanted to configure a filter on the 3005 to push out to the clients. I understand that this firewall filter is only for traffic that is not tunneled. My question is what protocols/rules should I enable? I want the client computer to have the ability to do anything (http, ftp, telnet, etc.) while it is connected to the VPN concentrator. I just want to close any connection coming in. In the filter, should I allow everything going out but block everything coming in? Won't this have some effect on some programs that the user might be using? What is the common config here?

Thanks for all your help.

New Member

Re: Configuring 3005 for client firewall push

The rules that you pass down to the client only affect inbound connections to the client's PC. You cannot restrict outbound access from the client's PC. So the question is, what access is needed by someone to access that client's PC? Is it a web server or running some other type of service that's required from other devices? That is what you will base your rules on. Hope this helps.

Kurtis Durrett

New Member

Re: Configuring 3005 for client firewall push

In my testing with CPP (client push policy), it does block all incoming traffic, both tunnelled and non-tunnelled. So make sure that you don't block the incoming encrypted traffic also.

Best Regards,
