
3rd-party VPN client connecting to ASA

Hi All,

There are some users allowed to connect via VPN using the Cisco VPN client.

We've seen some users connecting with different clients, for example: http://www.shrew.net/download/vpn

I just tried it myself.

Just download the client, import the PCF and connect to the ASA.

The question is...

The only way to prevent the VPN users from connecting with any client besides the Cisco VPN client is by setting the client-type allowed for VPN on the ASA?

The fact that anybody with a VPN profile can use another client to connect does not impose any security risks?

Federico.



Jennifer Halim
Cisco Employee

Absolutely correct. You can use the "client-access-rule" to only allow the Cisco VPN client to connect, and you can also specify the version of the Cisco VPN client that is allowed to connect.

Here is the command for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/c4.html#wp2118499

Thank you, I can do that...

Do you think there's any security risk involved in using another VPN client (besides the Cisco client) to connect to the ASA?

It uses the same IPsec protocols, but it's an open source VPN program.

Federico.

Shouldn't be a problem as it will use the same IPSEC protocols to encrypt/decrypt the packet. One possibility is if it doesn't comply 100% with the standard, it could potentially cause adverse behaviour on the ASA.

Thank you my friend.

Federico.
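
A small model of how the `client-access-rule` entries recommended in the reply above are evaluated (lowest priority number first, `*` as wildcard, deny when rules exist but none match), added here as an example that is not part of the original thread or Cisco's code. The rule set, the type/version strings and the session list are constructed; the evaluation order follows the command reference linked in the thread.

```python
import re

# Constructed rules in the documented group-policy syntax:
#   client-access-rule <priority> {permit|deny} type <type> version <version>
# The type/version strings are assumptions; copy the real ones from
# "show vpn-sessiondb remote" on your own ASA.
RULES = """
client-access-rule 10 deny type WinNT version 4.*
client-access-rule 20 permit type WinNT version 5.*
"""

RULE_RE = re.compile(
    r"^client-access-rule\s+(\d+)\s+(permit|deny)\s+type\s+(\S+)\s+version\s+(\S+)$")

def parse_rules(text):
    """Return (priority, action, type_pattern, version_pattern) tuples, sorted."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed rule: {line!r}")
        rules.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return sorted(rules)

def wildcard_match(pattern, value):
    """'*' is the only wildcard; everything else must match exactly."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def evaluate(rules, client_type, client_version):
    """Lowest priority number that matches decides the outcome."""
    if not rules:
        return "permit"   # no rules defined: all client types are allowed
    for _prio, action, type_pat, ver_pat in rules:
        if wildcard_match(type_pat, client_type) and wildcard_match(ver_pat, client_version):
            return action
    return "deny"         # rules exist but none matched: connection is denied

def audit(rules_text, sessions):
    """Map each (type, version) session to the verdict the rule set gives it."""
    rules = parse_rules(rules_text)
    return {s: evaluate(rules, *s) for s in sessions}

# Constructed (client type, version) pairs standing in for real session data.
SESSIONS = [("WinNT", "5.0.07.0290"), ("WinNT", "4.8.01.0300"), ("OtherClient", "2.1.7")]

if __name__ == "__main__":
    for session, verdict in audit(RULES, SESSIONS).items():
        print(session, "->", verdict)
```

Running a planned rule set against the type/version pairs seen in current sessions shows which users would be cut off before the policy is applied.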
