Cisco Support Community

New Member

VPN security question?

I am getting ready to roll out a VPN 3005 concentrator in my network. I will have both point-to-point VPNs and will also be using the client. For the clients I have a pool on the 3005 that is routable on my LAN. My plan is to authenticate to NDS using ACS. My questions are:

1. Should I put the 3005 in my DMZ or in parallel with my PIX?

2. What is the best way to lock down users once they establish their tunnel?

1 REPLY
New Member

Re: VPN security question?

I would put the 3005 parallel to the PIX.

The best way to lock it down is to create rules, and then assign these rules to filters that get applied to the LAN-TO-LAN or the clients.

Example: to allow port 80 to all intranet sites.

(Name) Intranet

Inbound

Forward

TCP

0.0.0.0 Source

10.0.0.0 Destination

Port 80

Then go and assign Intranet to a Filter, then assign it to the group you want to limit.

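An added illustration (not part of the reply above and not Cisco code) of the rule-and-filter approach it describes: a forward rule for port 80 only limits users when traffic that matches no rule is dropped. First-match ordering, the filter-level default action, the address masks and the sample addresses are assumptions made for this model.

```python
# Added illustration, not Cisco code: first-match rule evaluation with a
# filter-level default action. Field names and masks are assumptions.
from collections import namedtuple
from ipaddress import ip_address, ip_network

Rule = namedtuple("Rule", "name direction action protocol source destination port")
Packet = namedtuple("Packet", "direction protocol src dst dport")

def rule_matches(rule, pkt):
    """True when every field of the rule matches the packet."""
    return (rule.direction == pkt.direction
            and rule.protocol == pkt.protocol
            and ip_address(pkt.src) in ip_network(rule.source)
            and ip_address(pkt.dst) in ip_network(rule.destination)
            and rule.port == pkt.dport)

def evaluate(rules, pkt, default_action):
    """Return the action of the first matching rule, else the filter default."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default_action

# The "Intranet" rule from the reply. The post gives only the addresses;
# reading them as "any" (/0) and 10.0.0.0/8 is an assumption.
INTRANET = Rule("Intranet", "inbound", "forward", "tcp",
                "0.0.0.0/0", "10.0.0.0/8", 80)

# Constructed sample traffic from a hypothetical client pool address.
SAMPLES = [
    Packet("inbound", "tcp", "10.50.0.7", "10.1.2.3", 80),    # intranet web
    Packet("inbound", "tcp", "10.50.0.7", "10.1.2.3", 3389),  # other service, same host
    Packet("inbound", "tcp", "10.50.0.7", "192.0.2.10", 80),  # web outside 10.0.0.0/8
]

def decisions(default_action):
    """Evaluate every sample packet against a filter holding only INTRANET."""
    return [evaluate([INTRANET], p, default_action) for p in SAMPLES]

if __name__ == "__main__":
    print("default drop:   ", decisions("drop"))     # only the first is forwarded
    print("default forward:", decisions("forward"))  # the rule restricts nothing
```

When checking a group's filter, look at what happens to traffic that matches no rule as well as at the rules themselves.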