© 2003, Cisco Systems, Inc. All rights reserved. CSVPN 4.07-1 Lesson 7 Configure the Cisco VPN Firewall Feature for IPSec Software Client.

Презентация:



Advertisements
Похожие презентации
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 11 Configure the Cisco Virtual Private Network 3002 Hardware Client for Unit and.
Advertisements

Option_W_3
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 8 Configure the Cisco VPN Client Auto-Initiation Feature.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 15 Configure the Cisco Virtual Private Network 3000 Series Concentrator for LAN-to-LAN.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 17 Configure the Cisco Virtual Private Network 3000 Series Concentrator for LAN-to-LAN.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 13 Configure the Cisco Virtual Private Network 3002 Hardware Client for Software.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 12 Configure the Cisco Virtual Private Network Client Backup Server, and Load Balancing.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 10 Configure the Cisco VPN 3002 Hardware Client for Remote Access Using Pre-Shared.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 14 Configuring the Cisco Virtual Private Network 3000 Series Concentrator for IPSec.
© 2004, Cisco Systems, Inc. All rights reserved. CSPFA Lesson 8 Object Grouping.
© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Chapter 8 Object Grouping.
© 2003, Cisco Systems, Inc. All rights reserved. CSPFA Chapter 3 Cisco PIX Firewall Technology and Features.
© 2002, Cisco Systems, Inc. All rights reserved. AWLF 3.0Module 7-1 © 2002, Cisco Systems, Inc. All rights reserved.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Cisco Secure Virtual Private Networks 4.0.
© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Administering Events and Generating Reports Managing Events.
© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 4 Cisco Virtual Private Network 3000 Concentrator Series Hardware Overview.
© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring Groups and Policies Building an Agent Kit.
© 2006 Cisco Systems, Inc. All rights reserved. HIPS v Configuring CSA Installing and Configuring CSA MC.
© 2001, Cisco Systems, Inc. CSIDS Chapter 9 Signature and Intrusion Detection Configuration.
© 2006 Cisco Systems, Inc. All rights reserved.SND v Building Cisco IPsec VPNs Building Remote Access VPNs.
Транксрипт:

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 7 Configure the Cisco VPN Firewall Feature for IPSec Software Client

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Objectives Upon completion of this lesson, you will be able to perform the following tasks: Configure the AYT feature. Configure the Stateful Firewall feature. Configure the CPP feature. Monitor the firewall feature on the Cisco VPN Client.

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Overview of the Software Clients Firewall Feature

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software Client Firewall Application Split tunneling Encrypted tunnel traffic Local LAN traffic Internet traffic Cisco VPN Client and firewall Encrypted tunnel traffic Internet traffic Local LAN Split tunneling

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Windows-Based Software Client Firewall Features Are you there (AYT) Stateful Firewall Central Policy Protection (CPP) Cisco Integrated Client (CIC) firewall

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN The Software Clients AYT Feature

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN AYT Feature Cisco VPN Client software Stateful Firewall driver Microsoft Windows PC AYT

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Configuring the AYT Feature

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 1Select a Firewall Setting

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 2Identify a Firewall

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 3Configure a Custom Firewall

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 4Select the Firewall Policy

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN How the AYT Feature Works The Zone Labs ZoneAlarm firewall is operational. The tunnel is established. Internet Cisco VPN Client Firewall AYT

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Firewall OptionalWarning

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN The Software Clients Stateful Firewall Feature

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Stateful Firewall Feature Tunneled traffic Stateful Firewall (Always On) enabled Microsoft Windows PC Nontunneled traffic

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Enabling the Stateful Firewall Feature

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN The Software Clients CPP Feature

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN How CPP Works The policy is pushed. The administrator defines the policy. Cisco VPN Client Firewall The policy is forwarded. Internet

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN CPP Supported Firewalls

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Configure CPP

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software Client Firewall Statistics

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software Client Statistics Firewall Tab X Internet

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software Client Firewall Rules

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Customizing Firewall Policy

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Building Customized Policies

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 1Define Rules to Restrict Traffic

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 2Add a New Policy

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 3Associate the New Rules with the Newly Created Policy

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 4Assign the New Policy to the CPP

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Summary

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Summary The Software Client supports three firewall features: The AYT feature monitors the operation of a specific firewall. The Stateful Firewall feature is always on, even when no VPN tunnels are established. The CPP feature enables an administrator to push firewall policy to Software Clients.

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lab Exercise

© 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lab Visual Objective P.0 Student PC with Cisco VPN Client P P.0 RTS Cisco VPN 3000 Web FTP RBB