© 2003, Cisco Systems, Inc. All rights reserved. CSVPN 4.07-1 Lesson 7 Configure the Cisco VPN Firewall Feature for IPSec Software Client. - презентация

1 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lesson 7 Configure the Cisco VPN Firewall Feature for IPSec Software Client

2 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Objectives Upon completion of this lesson, you will be able to perform the following tasks: Configure the AYT feature. Configure the Stateful Firewall feature. Configure the CPP feature. Monitor the firewall feature on the Cisco VPN Client.

3 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Overview of the Software Clients Firewall Feature

4 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software Client Firewall Application Split tunneling Encrypted tunnel traffic Local LAN traffic Internet traffic Cisco VPN Client and firewall Encrypted tunnel traffic Internet traffic Local LAN Split tunneling

5 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Windows-Based Software Client Firewall Features Are you there (AYT) Stateful Firewall Central Policy Protection (CPP) Cisco Integrated Client (CIC) firewall

6 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN The Software Clients AYT Feature

7 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN AYT Feature Cisco VPN Client software Stateful Firewall driver Microsoft Windows PC AYT

8 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Configuring the AYT Feature

9 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 1Select a Firewall Setting

10 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 2Identify a Firewall

11 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 3Configure a Custom Firewall

12 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 4Select the Firewall Policy

13 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN How the AYT Feature Works The Zone Labs ZoneAlarm firewall is operational. The tunnel is established. Internet Cisco VPN Client Firewall AYT

14 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Firewall OptionalWarning

15 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN The Software Clients Stateful Firewall Feature

16 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Stateful Firewall Feature Tunneled traffic Stateful Firewall (Always On) enabled Microsoft Windows PC Nontunneled traffic

17 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Enabling the Stateful Firewall Feature

18 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN The Software Clients CPP Feature

19 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN How CPP Works The policy is pushed. The administrator defines the policy. Cisco VPN Client Firewall The policy is forwarded. Internet

20 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN CPP Supported Firewalls

21 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Configure CPP

22 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software Client Firewall Statistics

23 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software Client Statistics Firewall Tab X Internet

24 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Software Client Firewall Rules

25 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Customizing Firewall Policy

26 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Building Customized Policies

27 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 1Define Rules to Restrict Traffic

28 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 2Add a New Policy

29 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 3Associate the New Rules with the Newly Created Policy

30 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Step 4Assign the New Policy to the CPP

31 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Summary

32 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Summary The Software Client supports three firewall features: The AYT feature monitors the operation of a specific firewall. The Stateful Firewall feature is always on, even when no VPN tunnels are established. The CPP feature enables an administrator to push firewall policy to Software Clients.

33 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lab Exercise

34 © 2003, Cisco Systems, Inc. All rights reserved. CSVPN Lab Visual Objective P.0 Student PC with Cisco VPN Client P P.0 RTS Cisco VPN 3000 Web FTP RBB