Below is the content i copied from vpn concentrator help
If you choose Firewall Required, all users in this group must use the designated firewall. The VPN Concentrator drops any session that attempts to connect without the designated, supported firewall installed and running. In this case, the VPN Concentrator notifies the VPN Client that its firewall configuration does not match.
created a group and under the section client firewall,
enabled firewall required
cpp -policy to be pushed (created rules)
when a vpn client with stateful firewall always ON ticked , the client connects and the cpp policy is pushed.
when the stateful firewall always ON isnt ticked, i.e. when we disable the firewall, the client still connects and cpp policy is pushed
is this expected. because the help posted earlier says the concentrator will check if the firewall is running, if its not running, it will not allow to connect
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...