RE: Cisco VPN Client - Stateful Firewall

From: Rosenhan, David (
Date: 02/24/04

  • Next message: Fralick, Alan: "Re: Why Security testing is required"
    Date: Tue, 24 Feb 2004 14:44:53 -0700
    To: "Omar Khawaja" <>, <>


    I used to work for Cisco on the VPN team and when the VPN client
    stateful firewall was checked it only allowed outgoing connections for
    ESP and ISAKMP traffic, basically it blocked everything but VPN traffic
    incoming and outgoing. It is a very basic firewall, mostly used for
    users that are not doing any split-tunneling and if you can't afford a
    3rd party firewall solution.

    I would suggest enabling it and then run a program called LanGuard
    against the IP address of the computer. LanGaurd has a 30 day trial
    version out there you can download, you will probably need to google it.
    From here you should be able to tell what is left open when it is


    David Rosenhan, CCNP
    Information Technology

    -----Original Message-----
    From: Omar Khawaja []
    Sent: Monday, February 23, 2004 9:01 AM
    Subject: Cisco VPN Client - Stateful Firewall

    Does anyone have any thoughts on how secure the "Stateful Firewall",
    that is
    integrated with the Cisco VPN Client, is? I was hoping someone may have
    some penetration testing targeted at this particular feature of the
    Omar Khawaja


    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.
    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.
    Download 30-day evaluation at:

  • Next message: Fralick, Alan: "Re: Why Security testing is required"