Thursday, December 17, 2020

Interesting Discussion I'd like some opinions on in regards to a VPN solution

So I'm going to be vague on some parts of this with regard to the actual implementation.

The objective is that we have a remote side operator who needs a very secure method of connecting to the server housing a controls system. Currently we have an ASA configured to administer a client VPN that only allows the specific subnet traffic across the VPN and the rest out of the client's NIC.

In discussing this solution, we then asked whether a remote-side firewall packaged with the remote computer and a site-to-site connection would be a better solution. And if we did do that, would it be better to have a remote firewall not in the site-to-site but with a very restrictive ACL and the client using the client VPN, or would it be better to get rid of the client VPN and just use the site-to-site to the router? I honestly don't know the answers to these questions, and of course I'm reaching out to see if anyone here does.


