What's new

Lan notification when WAN is accessed via RDC or Cisco Any Connect VPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

jamesnmandy

Regular Contributor
I work from home and have an Asus (Merlin flashed) RT-AC68U router running Skynet and Diversion if any of that matters for potential implementations.

My company uses various methods to remote in for maintenance and such, including RDS and Cisco Any Connect VPN client. Not sure what other protocols they use. This is perfectly normal and I grant (by default) this access on my home network. I am not trying to interrupt this process, simply making it something that can't happen passively and silently across my home network.

What I am wondering is, Is there a way to actively be notified (and logged) any time one of these connection attempts are made? I don't want to actively block them of course. But it would be nice if I had the same level of access control on my end, minimally with a notification and ideally I would need to provide them with a user account and password that I control for access to my LAN.
 
What are they remoting into? afaik, I don't think either of those can be used to get into your router.
 
It's a laptop owned by another company. That's why I grant access and don't want to block its access. I reserve the right to be informed as to when and how long any outside connections to that machine are and from where they originate as long as they are doing so on my network.

It seems like such a simple thing to expect to me, I just don't know how to make it happen.
 
I think we're confused by your description of how they are connecting to you. You only mention RDS and Cisco Any Connect VPN client. The VPN client would normally be used by the user to connect to the company, not the other way around. Likewise RDS is a cloud/server system so it seems unlikely you would be running such a server on your home network.
 
Correct. I assumed if I can use Any Connect to initiate a connection from my end they can do the same from their end. If not then forget that.

I want to know anytime a connection from a certain source is connecting to any machine across my network. Maybe that's the easier way, though if they use a VPN it would be difficult to determine the source of the connection no?

I just know they can silently connect to that machine via my network and I would like to know when this occurs.
 
For an Enterprise laptop sitting at home:

When on AnyConnect, the enterprise can get to your laptop as they see fit and you will never know since at the network layer, it is all encrypted within the VPN tunnel, so all flows will look like an IPSEC or TLS tunnel back to the enterprise VPN server.

When off of AnyConnect, this will depend on the various agents installed on your laptop if they have this ability. There are agents that can phone home and provide remote access/control of the device. You "might" be able to see these flows, but would require some more digging via PCAP and an inventory of the agents loaded on your enterprise laptop.
 
Are you a local admin on the enterprise laptop? If so, disable the service when nobody should be connecting.

If not, that limits your options.

If the expectation is that work can connect to the system at any time, that obviously limits what you can do.
 
Any computer you don't trust, use it on a Guest network (ideally via YazFi on its own subnet) with no intranet access allowed at all.

Doesn't matter what they're able to do from their end. They will be 'stuck' at their computer on yours.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top