CSA @ Simultaneous data flux through multiple interfaces : BLOCK
Guys, I need some help with CSA. My client has the following scenario on its remote assets:
- Every remote asset has 4 IP interfaces through which the employee is able to connect to networks: Wired, Wi-Fi (a/b/g), 3G via USB and Bluetooth. The 3G and BT are through their BlackBerry smartphones.
- The user may use only 1 interface at a time, exclusively. The wired intf has the top priority.
I've tried setting a few rules in order to get that behaviour:
1) Trigger: System State > Intf Wired active(custom set set to monitor the Wired intf only).
Rule: Network Access Control > Block traffic through all other intfs but the Wired.
2) Trigger: System State > Intf Wi-Fi active(custom set set to monitor the Wi-Fi intf only).
Rule: Network Access Control > Block traffic through all other intfs but the Wi-Fi.
And the 3rd and 4th rules are the same but regard the 3G and BT intfs.
The thing is that it won't work as fast and as precise as I need it. It takes way too long before the blocking actually starts happening and the end-user doesn't see that he's actually using just one intf. For instance, if he's connected via the Wired intf, if he turns the Wi-Fi Radio on, he will get the available networks listed and even get an IP address through DHCP by that intf.
Is there any way I can make this blocking more stable and precise? I wish I could make a rule that actually disables the adapter itself, as it would be seen in the OS; for instance, in Windows, the red x would be marked upon the Wi-Fi adapter if the Wired adapter is already in use.
Re: CSA @ Simultaneous data flux through multiple interfaces : B
Sorry, csa does not control interface up/down, only filters. Why not just use the require vpn module that is already in the csamc? It will block incoming/most outgoing traffic on all interfaces, until either it can reach the csamc or the dns suffix matches the company dns.