Cisco Support Community
New Member

CSA with VPN Client and remote access

Hi everyone!

I have the following issue: I have to tune CSA for a client that connects remotely with VPN Client only. He should not be able to connect to any other network, neither LAN nor dial-up.

Any idea of what policy I should modify or tune?

thanks

6 REPLIES
Blue

Re: CSA with VPN Client and remote access

Probably a Network Access Control rule that allows addresses from the VPN to only access those resources which you desire. All ours come from a single address and we can restrict as necessary.

Tom S

New Member

Re: CSA with VPN Client and remote access

thanks tsteger11

but I don't think this will solve it: besides the client connecting with VPN client to the main network, he shouldn't be able to connect to any network (LAN or dial-up) when the VPN client is off. I mean the only connection that he can make should be through VPN Client.

thanks again,

costin

New Member

Re: CSA with VPN Client and remote access

You can create a network access rule which is dependent on a system state. The system state condition can be defined to have an address set which belongs to the VPN range and the network access rule would state that the client machine can only act as client/server on UDP/TCP ports when the system state is satisfied.

Hence, if the laptop isn't connected to the VPN, it wouldn't be able to act as a client/server for any connections at all and will be locked out. You would have to create an exception for the IP address of the VPN server at your corporate offices and allow those ports to be open from the CSA client.
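
The state-dependent rule described in the reply above, modelled as an added Python example (not part of the thread and not CSA's own configuration or code). The VPN address range, the VPN server address and the tunnel setup ports are constructed values chosen for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
VPN_RANGE = ipaddress.ip_network("10.99.0.0/24")    # address set behind the system state
VPN_SERVER = ipaddress.ip_address("203.0.113.10")   # corporate VPN server (the exception)
VPN_SERVER_PORTS = {("udp", 500), ("udp", 4500)}    # assumed tunnel setup ports


def vpn_state_satisfied(local_addrs):
    """System state: true when any local interface address is in the VPN range."""
    return any(ipaddress.ip_address(a) in VPN_RANGE for a in local_addrs)


def decide(local_addrs, peer, proto, port):
    """Return 'allow' or 'deny' for one connection, as client or as server."""
    peer_ip = ipaddress.ip_address(peer)
    # Rule 1: exception so the tunnel can be brought up while the host is locked out.
    if peer_ip == VPN_SERVER and (proto, port) in VPN_SERVER_PORTS:
        return "allow"
    # Rule 2: TCP/UDP is permitted only while the system state holds.
    if proto in ("tcp", "udp") and vpn_state_satisfied(local_addrs):
        return "allow"
    # Default: no rule matched, so the host stays locked out.
    return "deny"


if __name__ == "__main__":
    off_vpn = ["192.168.1.20"]               # LAN address only
    on_vpn = ["192.168.1.20", "10.99.0.7"]   # LAN address plus VPN-assigned address
    cases = [
        (off_vpn, "192.168.1.1", "tcp", 80),     # LAN access without VPN
        (off_vpn, "203.0.113.10", "udp", 500),   # tunnel setup to the VPN server
        (off_vpn, "203.0.113.10", "tcp", 80),    # other traffic to the VPN server
        (on_vpn, "10.1.2.3", "tcp", 443),        # corporate resource over the VPN
    ]
    for case in cases:
        print(case[1:], "->", decide(*case))
```

As modelled, rule 2 places no restriction on the peer address while the state holds, so limiting which resources are reachable over the VPN needs a further address condition on that rule.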

New Member

Re: CSA with VPN Client and remote access

Thanks ciscors, that was the idea.

Also thank you tsteger

New Member

Re: CSA with VPN Client and remote access

great

please rate this post

thx

Blue

Re: CSA with VPN Client and remote access

You're welcome. Sorry I didn't see your second question, I was on vacation!

Tom S
