No. I think that is fine *disclaimer* as long as the network admin has the firewall in the company that routes the VPN connections very strict on its security rules.

----- Original Message -----
From: "Booth Martin" <booth@xxxxxxxxxxxx>
To: <pctech@xxxxxxxxxxxx>
Sent: Tuesday, November 23, 2004 2:56 PM
Subject: Re: [PCTECH] VPN Set-Up (Cisco)

> I must misunderstand what you are saying, because I am seeing a conflict in what you say. I bet it's me not catching some salient point.
>
> In my situation I have a d-link router with an always-on broadband connection. When I want to work, I start the vpn connection which connects me to the client iSeries (not their LAN though). I can use either PC on my LAN, use client access & Code/400 over either PC (so long as I start the vpn), and use e-mail, surf, connect to other iSeries machines on the web, or even dial-up to direct-connect with other iSeries.
>
> Is this scenario flawed, in your opinion?
>
> ---------------------------------
> Booth Martin
> http://www.martinvt.com
> ---------------------------------
>
> -------Original Message-------
>
> From: PC Technical Discussion for iSeries Users
> Date: 11/23/04 13:45:10
> To: PC Technical Discussion for iSeries Users
> Subject: Re: [PCTECH] VPN Set-Up (Cisco)
>
> I have to disagree.
>
> First, you should only be allowing ports across the VPN that are necessary. If you have them all open going in, that is your biggest security hole. The reason is, I am not really worried about the home PC being a bridge into the corporate network. What I would be worried about is software (viruses, spyware, etc) that is installed on the client computer. They will invade your network irregardless if they are able to connect over their home broadband connection.
>
> By killing their local internet connection, what scenario are you trying to protect from? People are going to use the Internet and I would rather have them pull all that bandwidth over their own line and not over the VPN connection.
>
> I feel having good security rules will eliminate the risk.
>
> ----- Original Message -----
> From: "Tom Jedrzejewicz" <tomjedrz@xxxxxxxxx>
> To: "PC Technical Discussion for iSeries Users" <pctech@xxxxxxxxxxxx>
> Sent: Tuesday, November 23, 2004 2:02 PM
> Subject: Re: [PCTECH] VPN Set-Up (Cisco)
>
> > On Tue, 23 Nov 2004 11:07:35 -0600, Scott Johnson <sjohnson@xxxxxxxxxxxxxxxxxxxx> wrote:
> >
> > > We are using Cisco VPN Client to get access to company's network from home. Right now when I connect up I can only access the company's network. No web browsing, No local network printing, & etc.
> >
> > This is exactly how I would set it up, and how I have the VPN connections setup for our company. Think of it this way . . . if the local PC, which is outside of your firewall on an uncontrolled internet connection, can access the internet AND the internal network, then it can become a bridge, right around your firewall, between the internet and the internal network.
> >
> > There is a setting on the Cisco VPN agent (in the Connection definition) for "allow local LAN access". I think it will allow for printing on your home network, but not internet access via your home network.
> >
> > > At a previous job, I swear we were able to connect up via vpn client and still access the Internet and such. If I continue to remember correctly, only the traffic that was supposed to go to the company's network went there. The rest was handled locally. I don't think the browser traffic was sent thru the VPN connection.
> >
> > If you were the security person at the previous job bowed to user pressure and made a poor choice (IMHO).
> >
> > > Has anybody set this sort of connection up via the Cisco VPN? I check the Cisco site and they have a lot of docs there. Can somebody point me to one that will help in this type of set-up?
> >
> > I am pretty sure it can be done, but I wouldn't do it. For web access, I would get the VPN setup to grab all web traffic and force it through the company firewall. There may be some routing issues on the internal network as well.
> >
> > --
> > Tom Jedrzejewicz
> > tomjedrz@xxxxxxxxx
> > --
> > This is the PC Technical Discussion for iSeries Users (PcTech) mailing list
> > To post a message email: PcTech@xxxxxxxxxxxx
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo/pctech
> > or email: PcTech-request@xxxxxxxxxxxx
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/pctech.
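
The three client behaviours debated in this thread (everything tunneled, "allow local LAN access", and split tunneling), combined with a port allowlist at the company firewall, can be modelled as below. This is an added example, not from any poster and not Cisco configuration; the address ranges, the port allowlist and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
CORP_NETS = [ipaddress.ip_network("10.20.0.0/16")]
HOME_LAN = ipaddress.ip_network("192.168.0.0/24")
VPN_ALLOWED_PORTS = {23, 449, 8476}   # hypothetical head-end allowlist
WEB_PORTS = {80, 443}

def client_path(dst, mode):
    """Interface the client picks for a destination: 'tunnel' or 'local'.
    mode: 'full' (all traffic tunneled), 'full+lan' (home LAN exempt),
    'split' (only corporate prefixes tunneled)."""
    ip = ipaddress.ip_address(dst)
    if any(ip in net for net in CORP_NETS):
        return "tunnel"
    if mode == "split":
        return "local"
    if mode == "full+lan" and ip in HOME_LAN:
        return "local"
    return "tunnel"

def headend_permits(dst, port, web_via_company=False):
    """Company firewall decision for a packet arriving from the tunnel."""
    ip = ipaddress.ip_address(dst)
    if any(ip in net for net in CORP_NETS):
        return port in VPN_ALLOWED_PORTS
    # Non-corporate destination: forwarded only if web is sent out
    # through the company firewall.
    return web_via_company and port in WEB_PORTS

def verdict(dst, port, mode, web_via_company=False):
    """End-to-end outcome for one flow: 'direct', 'via-vpn' or 'dropped'."""
    if client_path(dst, mode) == "local":
        return "direct"
    ok = headend_permits(dst, port, web_via_company)
    return "via-vpn" if ok else "dropped"

def has_direct_internet(mode):
    """True when the client keeps an Internet path outside the tunnel
    while connected (the 'bridge' concern raised in the thread)."""
    return verdict("203.0.113.10", 443, mode) == "direct"
```

The port allowlist applies to corporate destinations in every mode, which is the control the "good security rules" argument relies on; the mode only decides whether non-corporate traffic leaves the client directly.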
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].