Cisco Support Community

General VPN security question about remote clients with Viruses


I have been asked to give a definitive answer to the following question; I think I know the answer to this but just want it confirmed.

We have a Cisco router with VPN. This router is protected with ACLs etc. and IPS. A user connects via VPN to our LAN, and they have a virus on the remote device. Is the network then vulnerable? Basically, as they have access via VPN, does it give them full access through the firewall, and could this virus then propagate?



Re: General VPN security question about remote clients with Viru

Yes, it can propagate via the VPN to your internal network!! Depending on what type of virus it is, you may be able to block it with ACLs on the router, but that really depends on the type of virus.



Re: General VPN security question about remote clients with Viru

Yes and no. I guess it depends on the way the remote VPN access is configured.

E.g., with a router, when you configure remote VPN access, an inbound ACL is still required. Thus it's a very good opportunity to secure your LAN, as you can restrict the access down to protocol/port level.

Alternatively, if you are using PIX, you can disable the command "sysopt connection permit-ipsec" and then configure an inbound ACL to restrict the remote VPN access.

Providing the inbound ACL is restricting the remote VPN access down to the protocol/port level, it then depends on what sort of virus the remote PC got. The virus may or may not be able to spread out, and may be simply blocked by the ACL.

Cisco actually introduces Network Admission Control (NAC), which offers a comprehensive solution in securing the LAN. In summary, when a local/remote PC tries to connect to the network, the security level (i.e. OS patch, virus update etc.) will be examined before the PC will be accepted and granted connectivity. For more info, please read:
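As an added example (not from either post), here is what the protocol/port-level inbound ACL described in the reply above looks like on an IOS router and on a PIX with `sysopt connection permit-ipsec` disabled. The outside address 203.0.113.1, the client pool 10.10.20.0/24, the internal hosts 10.1.1.10 (web) and 10.1.1.5 (DNS), the LAN 10.1.0.0/16 and the ACL names are all assumed.

```cisco
! --- IOS router: inbound ACL on the VPN-terminating interface ---
! Assumed addresses: outside 203.0.113.1, VPN client pool 10.10.20.0/24,
! internal web app 10.1.1.10, internal DNS 10.1.1.5, LAN 10.1.0.0/16.
ip local pool VPNPOOL 10.10.20.1 10.10.20.254
!
ip access-list extended OUTSIDE_IN
 remark IKE, NAT-T and ESP to the router itself, so tunnels can be built
 permit udp any host 203.0.113.1 eq isakmp
 permit udp any host 203.0.113.1 eq 4500
 permit esp any host 203.0.113.1
 remark Decrypted client packets hit this same list: permit only needed services
 permit tcp 10.10.20.0 0.0.0.255 host 10.1.1.10 eq 443
 permit udp 10.10.20.0 0.0.0.255 host 10.1.1.5 eq domain
 remark Typical worm propagation traffic (NetBIOS/SMB) is dropped and logged
 deny   tcp 10.10.20.0 0.0.0.255 10.1.0.0 0.0.255.255 range 135 139 log
 deny   tcp 10.10.20.0 0.0.0.255 10.1.0.0 0.0.255.255 eq 445 log
 deny   ip  10.10.20.0 0.0.0.255 any log
 deny   ip  any any
!
interface FastEthernet0/0
 description Outside / VPN termination
 ip address 203.0.113.1 255.255.255.0
 ip access-group OUTSIDE_IN in
!
! --- PIX: same policy once the IPsec ACL bypass is turned off ---
no sysopt connection permit-ipsec
access-list OUTSIDE_IN permit tcp 10.10.20.0 255.255.255.0 host 10.1.1.10 eq 443
access-list OUTSIDE_IN permit udp 10.10.20.0 255.255.255.0 host 10.1.1.5 eq domain
access-list OUTSIDE_IN deny tcp 10.10.20.0 255.255.255.0 10.1.0.0 255.255.0.0 eq 445 log
access-list OUTSIDE_IN deny ip 10.10.20.0 255.255.255.0 any log
access-group OUTSIDE_IN in interface outside
```

On IOS the interface ACL is evaluated for the encrypted packet and again for the decrypted one, which is why the IKE/ESP permits and the per-service permits sit in the same list. The `log` keyword on the client-sourced denies is what lets you spot an infected remote PC trying to reach SMB or other LAN services it has no business touching.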
