Cisco Support Community

VPN and Virus Protection

Was wondering if there are any white papers or other documentation on security of the Cisco VPN and the spread of viruses. Attempting to convince the "powers that be" to allow home users to be able to connect to the corporate network via VPN. Serious concerns that the home systems will spread infections to the corporate network.

Many THX for any insight.


Re: VPN and Virus Protection

I don't believe that there are any white papers on this subject. But I do know some facts about lowering the risk of virus infections through a VPN tunnel:

- Only allow the right things!

Make sure that there is a well-thought-out access-list for what a VPN-Client may do in your network. If they only need RDP and DNS services, then it is up to you to configure a matching access-list to prevent unwanted applications or ports onto your network!

- Require a Firewall!

You can configure an ASA or PIX with software version 7.x so that they require the VPN-Client to have an up-and-running Firewall installed. If they don't have the required Firewall-software running: no entry! This is an option that can be configured on the Group Policy named 'Client Firewall'. Make sure you check out this option!

- Internet Access!

It is quite dangerous to give the VPN-Client access to the internet at the same time you let them connect to the Corporate Network. Then they're able to download a virus while they are connected to your network! That's why it is not advisable to enable split-tunneling. You can give them internet access through the Corporate internet-connection if they actually need internet during the time they are connected. The VPN Client then automatically sends all internet-requests to the VPN-Endpoint, or even to a proxy on your network. It then sends the request to the internet using the Corporate (usually) protected internet connection!

I hope this information is of any use to you!

Please rate if the post is useful!
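
An added example, not part of the original posts: a small Python audit that checks each ASA group policy for the three controls named in the reply above (a vpn-filter access-list, a required client firewall, no split tunneling). The sample configuration, policy names and ACL names are constructed; values inherited from the default group policy are not resolved, so an unset vpn-filter or client-firewall is reported as a finding.

```python
import re

# Constructed sample of an ASA running-config (not from the original thread).
SAMPLE_CONFIG = """\
group-policy HOME_USERS internal
group-policy HOME_USERS attributes
 vpn-filter value VPN_RDP_DNS
 split-tunnel-policy tunnelall
 client-firewall req cisco-integrated acl-in FW_IN acl-out FW_OUT
group-policy CONTRACTORS internal
group-policy CONTRACTORS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
 client-firewall opt cisco-integrated acl-in FW_IN acl-out FW_OUT
"""

def parse_group_policies(config):
    """Return {policy name: [attribute lines]} from 'group-policy X attributes' blocks."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"group-policy (\S+) attributes\s*$", line)
        if m:
            current = policies.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return policies

def audit(config):
    """Return {policy name: [findings]} for the three controls from the reply."""
    report = {}
    for name, attrs in parse_group_policies(config).items():
        findings = []
        if not any(re.match(r"vpn-filter value \S+", a) for a in attrs):
            findings.append("no vpn-filter access-list")
        if not any(a.startswith("client-firewall req ") for a in attrs):
            findings.append("client firewall not required")
        if any(re.match(r"split-tunnel-policy (tunnelspecified|excludespecified)", a)
               for a in attrs):
            findings.append("split tunneling enabled")
        report[name] = findings
    return report

if __name__ == "__main__":
    for policy, findings in audit(SAMPLE_CONFIG).items():
        print(policy, "->", findings or "OK")
```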