Setting up a new VPN ASA
Hey folks, I’m just curious of how people have setup their VPNs.
So 1 of the VPN interfaces is on the outside, and the other is on the inside. I was wondering, if the outside edge interface of the VPN is exposed, what do people do to protect that? Obliviously, many folks from different IPs need to authenticate to the VPN so it would hard to write an ACL to disallow IPs to connect…unless there is a GEO feature, which I do not think there is, but I will look.
This VPN will only be used for SSL VPN remote access only, nothing else. Does anyone have a recommendation of what ports I should open up for the users for them to use it? I also want to setup MFA, which would be through DUO maybe…so I would allow them to hit our VPN as well. So I'm presuming the only port I really need to allow sourced from the outside would be https 443 right?
No comments:
Post a Comment