[afnog] Controlling VPN Sessions on Cisco ASA

Dennis Schreiber ds at ainex.net
Thu Dec 31 21:37:06 UTC 2009


Hi.

Musa E.A Kijera wrote:
> I need advice on the above caption.
> 
> I set up an IPSEC site-to-site VPN connection with our parent company to
> enable some of the support staff remotely using IPSEC Remote Access to be
> able to connect remotely and render support.
> 
> Using Cisco ASDM I can monitor all the active connections. Recently I
> noticed that I could not control who from the remote site accesses the
> systems, and if they access the systems I can't have an audit trail.
> 
> I would like to know if there is any way that I can control who accesses my
> systems and have an audit trail.

Actually, IPSec L2L connections are intended to connect networks, not
people. As we usually cannot force, or know, the design of the remote
network, we also cannot control who is using the VPN from the remote side.

But as far as I know, it is possible to let users connect to the ASA
firewall. You can probably audit this type of connection. Please have a
look at "Remote Access VPN" and "SSL VPN/Web VPN" here:
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html

Happy new decade.

Regards,
  Dennis


