No.  I think that is fine *disclaimer* as long as the network admin has the
firewall in the company that routes the VPN connections very strict on its
security rules.

----- Original Message ----- 
From: "Booth Martin" <booth@xxxxxxxxxxxx>
To: <pctech@xxxxxxxxxxxx>
Sent: Tuesday, November 23, 2004 2:56 PM
Subject: Re: [PCTECH] VPN Set-Up (Cisco)


> I must misunderstand what you are saying, because I am seeing a conflict in
> what you say.  I bet it's me not catching some salient point.
>
> In my situation I have a d-link router with an always-on broadband
> connection.  When I want to work, I start the vpn connection which connects
> me to the client iSeries (not their LAN though).  I can use either PC on my
> LAN, use client access & Code/400 over either PC (so long as I start the
> vpn), and use e-mail, surf, connect to other iSeries machines on the web, or
> even dial-up to direct-connect with other iSeries.
>
> Is this scenario flawed, in your opinion?
>
> ---------------------------------
> Booth Martin
> http://www.martinvt.com
> ---------------------------------
> -------Original Message-------
>
> From: PC Technical Discussion for iSeries Users
> Date: 11/23/04 13:45:10
> To: PC Technical Discussion for iSeries Users
> Subject: Re: [PCTECH] VPN Set-Up (Cisco)
>
> I have to disagree.
>
> First, you should only be allowing ports across the VPN that are necessary.
> If you have them all open going in, that is your biggest security hole.  The
> reason is, I am not really worried about the home PC being a bridge into the
> corporate network.  What I would be worried about is software (viruses,
> spyware, etc) that is installed on the client computer.  They will invade
> your network irregardless if they are able to connect over their home
> broadband connection.
>
> By killing their local internet connection, what scenario are you trying to
> protect from?  People are going to use the Internet and I would rather have
> them pull all that bandwidth over their own line and not over the VPN
> connection.
>
> I feel having good security rules will eliminate the risk.
>
> ----- Original Message -----
> From: "Tom Jedrzejewicz" <tomjedrz@xxxxxxxxx>
> To: "PC Technical Discussion for iSeries Users" <pctech@xxxxxxxxxxxx>
> Sent: Tuesday, November 23, 2004 2:02 PM
> Subject: Re: [PCTECH] VPN Set-Up (Cisco)
>
>
> > On Tue, 23 Nov 2004 11:07:35 -0600, Scott Johnson
> > <sjohnson@xxxxxxxxxxxxxxxxxxxx> wrote:
> >
> > > We are using Cisco VPN Client to get access to company's network from home.
> > > Right now when I connect up I can only access the company's network.  No web
> > > browsing, No local network printing, & etc.
> >
> > This is exactly how I would set it up, and how I have the VPN
> > connections setup for our company.  Think of it this way . . . if the
> > local PC, which is outside of your firewall on an uncontrolled
> > internet connection, can access the internet AND the internal network,
> > then it can become a bridge, right around your firewall, between the
> > internet and the internal network.
> >
> > There is a setting on the Cisco VPN agent (in the Connection
> > definition) for "allow local LAN access".  I think it will allow for
> > printing on your home network, but not internet access via your home
> > network.
> >
> > > At a previous job, I swear we were able to connect up via vpn client and still
> > > access the Internet and such.  If I continue to remember correctly, only the
> > > traffic that was supposed to go to the company's network went there. The rest was
> > > handled locally.  I don't think the browser traffic was sent thru the VPN
> > > connection.
> >
> > If you were, the security person at the previous job bowed to user
> > pressure and made a poor choice (IMHO).
> >
> > > Has anybody set this sort of connection up via the Cisco VPN?  I check the Cisco
> > > site and they have a lot of docs there.  Can somebody point me to one that will
> > > help in this type of set-up?
> >
> > I am pretty sure it can be done, but I wouldn't do it.  For web
> > access, I would get the VPN setup to grab all web traffic and force it
> > through the company firewall.  There may be some routing issues on the
> > internal network as well.
> >
> > --
> > Tom Jedrzejewicz
> > tomjedrz@xxxxxxxxx
> > --
> > This is the PC Technical Discussion for iSeries Users (PcTech) mailing list
> > To post a message email: PcTech@xxxxxxxxxxxx
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo/pctech
> > or email: PcTech-request@xxxxxxxxxxxx
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/pctech.

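The three client configurations discussed in this thread (all traffic forced through the tunnel, "allow local LAN access", and split tunneling) can be told apart from the client's routing table while the VPN is up. The following is an added example, not part of the original messages or of any Cisco tooling; the interface names `vpn0` and `eth0`, the prefixes, and the routing tables are constructed, and the route model is simplified to (prefix, interface) pairs.

```python
import ipaddress

# Constructed routing tables: (destination prefix, egress interface).
# "vpn0" is the tunnel adapter and "eth0" the home LAN adapter (hypothetical names).
FULL_TUNNEL = [("0.0.0.0/0", "vpn0"), ("10.0.0.0/8", "vpn0")]
LOCAL_LAN = [("0.0.0.0/0", "vpn0"), ("192.168.1.0/24", "eth0")]
SPLIT_TUNNEL = [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0"),
                ("10.0.0.0/8", "vpn0")]


def egress_interface(routes, dest):
    """Longest-prefix match: the interface a packet to dest leaves on."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def classify(routes, vpn_iface="vpn0"):
    """Label the tunnel policy from where internet-bound traffic leaves."""
    # 198.51.100.7 is a documentation-range address standing in for any internet host.
    if egress_interface(routes, "198.51.100.7") != vpn_iface:
        # Internet traffic bypasses the tunnel while corporate routes use it:
        # the "bridge" condition described in the thread.
        return "split-tunnel"
    # Default route is in the tunnel; look for more specific routes that stay local.
    bypass = [p for p, i in routes
              if i != vpn_iface and ipaddress.ip_network(p).prefixlen > 0]
    return "full-tunnel+local-lan" if bypass else "full-tunnel"


if __name__ == "__main__":
    for name, table in [("full", FULL_TUNNEL), ("local-lan", LOCAL_LAN),
                        ("split", SPLIT_TUNNEL)]:
        print(name, "->", classify(table))
```
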

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].