I have a requirement whereby my customer wants to lock down their laptops so that they can only access internal addresses. This is easy enough; however, when a user takes the laptop out of the office, the customer needs to allow the laptop sufficient access to enable them to connect to a wireless or wired POP, and then launch the VPN client to allow them to access the internal services.
So my idea was to create a state-based rule where, if the client can't see the MC, then they get temporary access to external IP addresses to allow them to connect to a POP, and also launch the VPN client. After a set time, all external access is removed to stop the user from accessing the internet.