VPN3030 Group filter and Firewall Policy (CPP) filter - what's differences?
I am trying to push the firewall policy (CPP) to the client's personal firewall, Cisco Integrated Client. We are running V. 3.6 on the concentrator and the client.
I would like to know the differences between setting up the filter on the Group level (User Management/Groups/General) versus setting up the filter on the Firewall Policy (User Management/Groups/Client FW).
My intention is to restrict VPN users to only certain network segments base on on group membership. I already have the network lists setup. How should this be configured on the concentrator? I am not quite sure where the filter should be applied. We are also not allowing split tunneling.
Re: VPN3030 Group filter and Firewall Policy (CPP) filter - what
The idea is the same, they are filters for the group, or in the case of CPP for the client. However, the CPP only applies to microsoft clients. Another difference would be when you create the rules, the direction for general filter is relative to the concentrator, whereas for the CPP, the direction is relative to the client.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...