I need Remote Access clients using dial-up or VPN to have all files they transfer while connected virus scanned before entering the main network. Here is my current layout:
Internet---PIX 515---RAS Server---2691 With ACLs---Network
The PIX protects the RAS server from unauthorized traffic. The router protects the network from worms on infected dial-up and VPN clients. What I need is a box between the firewall and RAS server or the RAS server and router to scan for viruses on all traffic. I was thinking some type of Application Layer Gateway with virus scanning installed, but I have not had any luck finding one. The desire is to no longer worry if the remote client has virus protection installed or not, yet not allow infected files into the main network.
But for right now it appears that your traffic is flowing through your RAS server. Is this correct? If so, you can use a product like Symantec Antivirus for Gateway. This will scan all TCP traffic that passes through the server for viruses.
Sorry, the diagram is a little deceitful; not all of the Internet traffic goes through the RAS server, just dial-up and VPN. It is an MS 2000 Server with Routing and Remote Access and Sophos installed. Even with real-time virus scanning enabled, it does not catch a virus that somebody may be copying up to a server on the inside. If the file is copied to the RAS server, it catches it. Our email, web browsing, and worm detection is very tight already; it is just that virus-infected files that may be copied from an infected host to the share server will not be caught until the nightly scan is done. There are performance issues when the real-time virus scan is enabled on the file-sharing servers.