The VPN Client includes an integrated stateful firewall that provides protection when split tunneling is in effect and protects the VPN Client PC from Internet attacks while the VPN Client is connected to a VPN Concentrator through an IPSec tunnel. This integrated firewall includes a feature called Stateful Firewall (Always On).
Stateful Firewall (Always On) provides even tighter security. When enabled, this feature blocks inbound sessions from all networks, regardless of whether a VPN connection is in effect, and the firewall is active for both encrypted and unencrypted traffic. There are two exceptions to this rule:
DHCP - DHCP sends requests to the DHCP server out one port but receives responses from DHCP through a different port. For DHCP, the stateful firewall allows inbound traffic.
ESP - The stateful firewall allows ESP traffic from the secure gateway, because ESP rules are packet filters and not session-based filters.
For the latest information on other exceptions, if any, refer to Release Notes for Cisco VPN Client for Windows.
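The inbound policy and its two exceptions, as a simplified Python model; this is an added example, not Cisco's implementation. It assumes that replies to sessions the PC itself opened are allowed (the usual meaning of stateful), uses the standard DHCP ports 67/68 and IP protocol number 50 for ESP, and all addresses are constructed.

```python
from dataclasses import dataclass

ESP, UDP, TCP = 50, 17, 6                      # IANA IP protocol numbers
DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68    # standard DHCP ports

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the VPN Client PC
    proto: int
    src: str
    dst: str
    sport: int = 0   # ports are unused for ESP
    dport: int = 0

class AlwaysOnFirewall:
    """Hypothetical model of the policy, for illustration only."""
    def __init__(self, secure_gateway):
        self.secure_gateway = secure_gateway
        self.sessions = set()   # flows opened by the local host

    def allow(self, p):
        if p.direction == "out":
            # Outbound traffic creates state, keyed the way its reply will look.
            self.sessions.add((p.proto, p.dst, p.dport, p.src, p.sport))
            return True
        # Exception 1: DHCP responses do not match the state left by the
        # request, so they are admitted by port pair instead.
        if (p.proto, p.sport, p.dport) == (UDP, DHCP_SERVER_PORT, DHCP_CLIENT_PORT):
            return True
        # Exception 2: ESP is a packet filter, not a session filter, and is
        # accepted only from the secure gateway.
        if p.proto == ESP:
            return p.src == self.secure_gateway
        # Any other inbound packet must belong to a session the host opened.
        return (p.proto, p.src, p.sport, p.dst, p.dport) in self.sessions

def demo():
    fw = AlwaysOnFirewall(secure_gateway="203.0.113.10")   # constructed address
    me = "192.0.2.5"                                       # constructed address
    return [
        fw.allow(Packet("out", TCP, me, "198.51.100.7", 49152, 443)),  # host opens a session
        fw.allow(Packet("in", TCP, "198.51.100.7", me, 443, 49152)),   # reply to that session
        fw.allow(Packet("in", TCP, "198.51.100.9", me, 40000, 445)),   # unsolicited inbound
        fw.allow(Packet("in", UDP, "192.0.2.1", me, 67, 68)),          # DHCP response
        fw.allow(Packet("in", ESP, "203.0.113.10", me)),               # ESP from the gateway
        fw.allow(Packet("in", ESP, "198.51.100.9", me)),               # ESP from another host
    ]
```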
To enable or disable the stateful firewall, use the following procedure:
Display the Options menu and click Stateful Firewall (Always On), or right-click the lock icon in the system tray and choose Stateful Firewall.
When the stateful firewall is enabled, you see a check in front of the option. This feature is disabled by default.
During a VPN connection, to view the status of this feature, right-click the lock icon in the system tray.
Copyright © 1998-2004, Cisco Systems, Inc. All rights reserved.