Currently, other IPSec VPN clients have a secure way of protecting the host machine by doing basic FW.
Basically, the VPN client has the intelligence to tell if the user is on the corp network, VPN or home network (RFC 1918). It knows when to turn the FW ON or OFF.
Cisco has the same kind of intelligence on the client but only when the tunnel is UP, CPP on CIC.
I would like to have the same kind of protection even when the tunnel is down, and have the client understand if it is on corp (tunnel is down but it knows it is a trusted network), VPN (tunnel is up and getting a corp trusted IP) or home network (RFC 1918 - CPP/CIC in effect but tunnel is down, non-trusted network).
As much as possible, I would like to see this FW functionality integrated on the VPN client, or an integrated CSA on the VPN IPSec client, with policy centrally configurable in ASA or PIX or Security Appliance.
Does Cisco have this client available instead of using a 3rd party FW client (FW, Zone Alarm, BlackICE, etc.)?