4 Replies Latest reply on Jun 2, 2009 3:45 AM by ksanderson

    RSD 2.0 and Cisco VPN Client

    JeffGerard
      I have come to a stand-still with this with McAfee support and thought I'd see if anyone out there has come across this problem and a possible workaround.

      I am using ePO4P4 and RSD2P2.

      I have a Cisco 3000 VPN Concentrator and am using the v5.x VPN client.

      I have a rogue sensor on my vpn subnet and am trying to catch rogues connecting via vpn *or* trying to use automatic responses to convert vpn-only clients to point to new ePO server.

      Because the Cisco VPN client uses the same MAC for every client, I am unable to match on MAC. I have tried matching using other options but there are just too many variables that come into play.

      Has anyone out there had any success in finding a workaround for this scenario to allow MAC matching to work properly? As it stands, the last client detected is the only device detected.

      Thanks in advance for any insight...
        • 1. RE: RSD 2.0 and Cisco VPN Client
          The question is:
          what are you trying to achieve here, Jeff?
          If you worry about rogue usage of your VPN, maybe it's better to consider NAC or certificates as a second factor of authentication on the VPN concentrator?

          The only thing that I was able to do with VPN clients is to create a different software\DAT deployment policy that runs every 10 minutes instead of every 90 minutes for LAN clients.
          But in any case I have to wait until the client agent initiates a connection with the ePO server and updates its IP; then it is moved to the VPN group, and then it has the new policy.
          Since the Cisco VPN blocks all inbound connections, I can't do more than this.

          Future plans are to enforce a strict NAC policy, since I am able to identify clients by IP and run a different set of checks.
          • 2. RE: RSD 2.0 and Cisco VPN Client
            JeffGerard
            We do use 2-factor authentication. We require a group logon/password within the client as well as AD creds. The problem that I have run into is that there are some people who have the VPN installer with a built-in group logon/pass, so they install the client on their home PCs that are not managed by me. I need to know when these clowns connect so I can remove their access...
            • 3. RE: RSD 2.0 and Cisco VPN Client
              Have the same problem - going to use machine certificates, marking the private key unexportable (please use a CA key size of 2048 - VPN 3000 limitation).
              So if the VPN concentrator is not able to identify the certificate + group password + AD account, the user will not be able to get access.

              and the first one I catch trying to use his personal PC will go to HR :mad::p
              • 4. RE: RSD 2.0 and Cisco VPN Client
                The following may be of use for those of us with clients coming in over VPN - it prevents ePO from using the MAC of the virtual interface for matching

                https://kc.mcafee.com/corporate/index?page=content&id=KB52949
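
The failure mode described in the opening post (every VPN client reports the same virtual-adapter MAC, so MAC-keyed matching collapses them into one record and "the last client detected is the only device detected") and the fix hinted at in reply 4 (stop using the virtual interface's MAC for matching) can both be shown with a small simulation. The code below is an added illustration, not part of this thread and not ePO's or RSD's own matching logic. It assumes a constructed list of sensor detections with `mac`, `ip` and `hostname` fields, and the MAC `02:00:00:AA:AA:AA` is a placeholder standing in for the shared virtual-adapter address, not the real Cisco client value.

```python
"""Asset matching by MAC vs. matching that excludes a shared virtual-adapter MAC.

Added example (constructed data). VIRTUAL_ADAPTER_MACS holds a placeholder
address standing in for the MAC that every VPN client reports; it is not
the real Cisco VPN client value.
"""
from collections import defaultdict
from dataclasses import dataclass

# Placeholder for the shared virtual-adapter MAC (constructed, not the real one).
VIRTUAL_ADAPTER_MACS = {"02:00:00:aa:aa:aa"}


@dataclass(frozen=True)
class Detection:
    """One detection as a rogue-system sensor might report it (constructed)."""
    mac: str
    ip: str
    hostname: str


# Constructed sample: three VPN clients sharing the virtual MAC plus one LAN host.
SAMPLE_DETECTIONS = [
    Detection("02-00-00-AA-AA-AA", "10.8.0.11", "LAPTOP-ALICE"),
    Detection("02-00-00-AA-AA-AA", "10.8.0.12", "LAPTOP-BOB"),
    Detection("00:11:22:33:44:55", "10.1.5.23", "DESKTOP-LAN01"),
    Detection("02-00-00-AA-AA-AA", "10.8.0.13", "HOME-PC-UNMANAGED"),
]


def normalize_mac(mac: str) -> str:
    """Canonical form so '02-00-00-AA-AA-AA' and '02:00:00:aa:aa:aa' compare equal."""
    return mac.lower().replace("-", ":")


def match_by_mac(detections: list[Detection]) -> dict[str, Detection]:
    """Naive matching keyed on MAC only.

    Every VPN client overwrites the previous one under the shared MAC, so only
    the last detection survives: the collapse the original post describes.
    """
    systems: dict[str, Detection] = {}
    for d in detections:
        systems[normalize_mac(d.mac)] = d
    return systems


def match_excluding_virtual(detections: list[Detection]) -> dict[tuple, Detection]:
    """Matching that refuses to key on a known virtual-adapter MAC.

    Detections carrying a virtual MAC fall back to a hostname key; everything
    else is still keyed on its (real) MAC. Each VPN client keeps its own record.
    """
    systems: dict[tuple, Detection] = {}
    for d in detections:
        mac = normalize_mac(d.mac)
        if mac in VIRTUAL_ADAPTER_MACS:
            key = ("host", d.hostname.lower())
        else:
            key = ("mac", mac)
        systems[key] = d
    return systems


def hosts_behind_virtual_mac(detections: list[Detection]) -> dict[str, set[str]]:
    """Detection aid: how many distinct hosts were seen behind each virtual MAC.

    A virtual MAC reported by many hostnames is expected for a VPN pool; a
    hostname that is not in the managed inventory is the one worth reviewing.
    """
    seen: dict[str, set[str]] = defaultdict(set)
    for d in detections:
        mac = normalize_mac(d.mac)
        if mac in VIRTUAL_ADAPTER_MACS:
            seen[mac].add(d.hostname.lower())
    return dict(seen)


if __name__ == "__main__":
    naive = match_by_mac(SAMPLE_DETECTIONS)
    fixed = match_excluding_virtual(SAMPLE_DETECTIONS)
    print(f"MAC-only matching keeps {len(naive)} systems out of {len(SAMPLE_DETECTIONS)}")
    print(f"Virtual-MAC-aware matching keeps {len(fixed)} systems")
    for mac, hosts in hosts_behind_virtual_mac(SAMPLE_DETECTIONS).items():
        print(f"{mac}: {len(hosts)} distinct hosts -> {sorted(hosts)}")
```

With the constructed sample, MAC-only matching retains two records (the LAN host plus whichever VPN client was seen last), while the virtual-MAC-aware version retains all four, and the last function surfaces the per-host view that the original poster wanted for spotting an unmanaged machine on the VPN pool.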