How to deny all but VPN from remote site?
I have several remote sites that connect via VPN to corporate via various broadbands (DSL, ISDN, Cable). Problem is the locals are getting into trouble by surfing when not using VPN through the ISP.
Would a solution be to shut down all ports save the VPN, and would that allow them to continue to surf but forced through the corporate firewall? Using Cisco. Suggestions for local firewall (at remote site) appreciated. Currently using a Linksys but it appears too Mickey Mouse for any detailed control.
Thanks,
Mike
Re: How to deny all but VPN from remote site?
Quote:
Originally posted here by Mv513
I have several remote sites that connect via VPN to corporate via various broadbands (DSL, ISDN, Cable). Problem is the locals are getting into trouble by surfing when not using VPN through the ISP.
Would a solution be to shut down all ports save the VPN, and would that allow them to continue to surf but forced through the corporate firewall? Using Cisco. Suggestions for local firewall (at remote site) appreciated. Currently using a Linksys but it appears too Mickey Mouse for any detailed control.
Thanks,
Mike
Kind of depends on how you have your VPN set up. If you are using IPsec/IKE, you deny all outbound access except protocol 50/UDP 500. I doubt your Linksys will let you do that, so you could set up your concentrator/VPN to use TCP/10000 instead of protocol 50, and your Linksys should be able to filter on that.
As far as recommendations, for small remote locations, we have used PIX-501s and for 40 or so people we have been using PIX-506. They are also able to be configured to use a pure site-to-site VPN configuration...
Hope that helps steer you in the right direction...
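The outbound filter described in the reply above, written as a Cisco IOS extended ACL. This is an added example, not part of the original thread: it assumes an IOS router at the remote site, uses 192.0.2.10 as a placeholder for the corporate VPN concentrator, and FastEthernet0/1 as a hypothetical WAN-facing interface.

```cisco
! Added example, constructed for illustration.
! Assumptions: 192.0.2.10 = corporate VPN concentrator (placeholder address),
!              FastEthernet0/1 = WAN-facing interface (hypothetical name).
ip access-list extended VPN-ONLY-OUT
 ! IKE key exchange (UDP 500), to the concentrator only
 permit udp any host 192.0.2.10 eq isakmp
 ! IPsec ESP (IP protocol 50), to the concentrator only
 permit esp any host 192.0.2.10
 ! If the concentrator is set to TCP/10000 instead of protocol 50,
 ! replace the ESP line above with:
 !   permit tcp any host 192.0.2.10 eq 10000
 ! Everything else, including direct surfing via the ISP, is dropped and logged
 deny ip any any log
!
interface FastEthernet0/1
 ! Filter traffic leaving the site towards the ISP
 ip access-group VPN-ONLY-OUT out
```

With this filter in place, web traffic from the site reaches the Internet only if the VPN carries all traffic through the tunnel (no split tunneling) and the corporate firewall forwards it. Hits on the final `deny ... log` entry show which hosts are still trying to go out directly.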