The following is the RFP from one of my customers. Could anyone please provide a solution?
I would select the ASA 5500 series for the VPN; then which Cisco product should I choose for the remote user logging and central database storage of the users' details?
1. Remote Connection
The VPN solution will be used solely to give external employees access to our external and internal network resources over the Internet as if they were physically resident in the office.
2. Virtual Network Policies
Successful connections will reside on a separate virtual network that can have different policies than our internal network (i.e. checking for latest antivirus version, existence of client firewall, authorized applications, etc.)
3. Supported Applications
Remote users must be able to access our internal web-based applications, file servers, Remote Desktop Connection to internal servers, ping servers, and telnet into UNIX servers.
- The ability to log the details of remote connections such as: username, connection date/time, source IP, protocol used, application name, connection length, etc.
- To store logs in a central event database for all the activities done by the remote users.
- Basic reporting feature to view all historical logs in a readable format.
5. Security Permissions
Ability to differentiate between different types of administration (i.e. report viewing only, full administration privilege).
6. Needed Users License
Initially, only 25 named users OR 15 concurrent users licenses will be needed for remote connections with potential for at least 100 named users.
6. Management console of the VPN solution --- Cisco Security Manager?
Below are my comments on this RFP:
I need to know the product for taking detailed logging as given in item no. 4.
Please tell us the security product to propose. I believe that the ASA 5500 VPN edition would do the above functions. For monitoring the users logging in and storing them in a central event database, which Cisco product could be proposed?
What about CSM for the ASA VPN to monitor the remote VPN users? What should we use for the central event database?
I am looking forward to your reply since the last date for the proposal submission is due this week.
As per your query, you are using the ASA 5500 device as the VPN server for your network setup. So, AIP-SSM is the IDS module for the ASA suitable for your scenario, which monitors as well as prevents malicious traffic from propagating into the network and also stores the events in the event store.
Sorry for the late response. I was actually going through your requirement. You can select the ASA appliance model depending on the capability. I have been actually trying to find the logging device for VPN. I'm really not sure about CSM, as I haven't worked on it, but whatever it is, the ASA firewall has to send the VPN client accounting information to the RADIUS. Not really sure if this has been incorporated till now. I'm really sure that the Cisco IOS routers with 12.4 support VPN client accounting. Even the VPN concentrator supports this, but not really sure about ASA, as there are no config guides quoting the same! I think apart from item 4, all others have been decided by you, right? If not, let us know.
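For the RFP's item 4 (per-session logging kept in a central store), the accounting path the reply above describes, the ASA sending remote-access VPN client accounting to a RADIUS server, looks like this in ASA configuration. This is an added example, not configuration from the thread or from Cisco documentation; the server group name (VPN-ACCT), tunnel-group name (RA-VPN), interface name and the 192.0.2.x addresses are assumed placeholders, and the `!` lines are comments for the reader.

```text
! Added example, not from the thread. Names and addresses are assumptions.
! RADIUS server group used for accounting of remote-access VPN sessions.
aaa-server VPN-ACCT protocol radius
aaa-server VPN-ACCT (inside) host 192.0.2.10
 key <shared-secret-placeholder>
 accounting-port 1813
! Attach the group to the remote-access tunnel-group so every session
! produces RADIUS Accounting-Start/Stop records (username, assigned and
! source IP, start/stop timestamps, session duration, bytes transferred).
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 accounting-server-group VPN-ACCT
! Forward ASA syslog to the same central event store so the session
! connect/disconnect messages are retained alongside the accounting data.
logging enable
logging timestamp
logging trap informational
logging host inside 192.0.2.20
```

The RADIUS Accounting-Stop record carries Acct-Session-Time (RFC 2866), which is the "connection length" field item 4 asks for; the RADIUS server's database then serves as the central event store, and its reporting front end covers the "basic reporting" requirement.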