We acquired a new company last year, and part of the "site" overhaul we've been doing is adding a proxy server in there and adding new Cisco gear (security apparently wasn't a big concern there, and the many maintenance periods they had meant longer lunch hours for the employees...). In any case, I set up a DMZ on an ASA 5510 and placed the proxy in there. So basically there are 2 layers of filtering being done, with access rules on the ASA to permit certain types of web traffic and web site filtering done on the proxy. Everything was cool until I started hearing complaints about folks using MS VPNs from their machines to connect to remote client sites. Since there wasn't a proxy or firewall in the past, this never came up. Brilliant. The MS VPNs can't terminate to a proxy, so I was forced to give the local machines straight static NAT translations and allow GRE and PPTP traffic in from the ASAs. Is there a better way to do this? I would prefer to completely abandon the MS VPNs in favor of something else.