AkosBakos
Leader

Remote Access VPN with limited access before VPN tunnel establishment

Hi All,

I need to implement an RA configuration that fulfills the following:

Client: Win 10 

After connecting to the local network (Wifi or cable), public internet access must be disabled until the VPN tunnel is established.

So the user can access his own local network, but he will not be able to reach the internet. However, after the successful VPN connection he can reach the internet (through full-tunnel VPN).

All ideas are welcome.

BR

Akos

 

----------------
\m/_(>_<)_\m/
G_W_Albrecht
Legend

Use Machine Authentication to connect to VPN before Windows logon and configure Route All Traffic thru GW - that should do it.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
AkosBakos
Leader

Hi,

But what about the case when the endpoint does not have a network connection at all?
And I forgot another requirement: VPN login with MFA with RSA...

BR

Akos

 

G_W_Albrecht
Legend

Then VPN will not be up, but Internet connection is impossible 😎 VPN login with MFA with RSA is not possible with Machine Authentication, so customer should choose if no internet or MFA with RSA is more important. You can also open a TAC ticket for more information or let CP Professional Services do the configuration.

AkosBakos
Leader

Hi @G_W_Albrecht 

Now I am searching for a solution in Harmony Endpoint. Maybe I can define profiles where one point can be that if there is no VPN connection, the internet access won't work.

Or is this the wrong way?

A

G_W_Albrecht
Legend

No use, this is impossible - VPN will not connect without internet connection, so Machine Authentication is the solution here. And much better than MFA as the logon is done in the background. You could do MFA with RSA for Windows Logon instead...
