Tom,

I was not getting snippy, I just did not want to start the VPN battle all over again. I watched it and commented on it the last time it came up here. I know there are pluses and minuses to it. I was just looking for where I can find the information so that I can properly present it to the CTO here at work. I am in no way connected to the security here. I am just a 'lowly programmer' that wants to be as productive as I can be, no matter where I am working.

And thank you for the info you gave. It definitely gives me a direction to go to get some good information. I noticed the split tunneling in the section of help I posted. A light bulb went on, "oh, yeah, that is what it is called".

Thanks,
    Scott

Tom Jedrzejewicz wrote:
On Tue, 23 Nov 2004 15:31:14 -0600, Scott Johnson
<sjohnson@xxxxxxxxxxxxxxxxxxxx> wrote:

I was NOT looking for a "you should not do that" type of answer. I already know
there are pluses and minuses to doing it.


OK, let me get this straight.  You ask a question, and then get snippy
when some advice is offered instead of a specific answer to your
question?

Dude, you aren't paying us.  Get over it.


Also, it looks like Cisco already
handles the issues some people have.  From the Cisco VPN Client help: "The VPN
Client includes an integrated stateful firewall that provides protection when
split tunneling is in effect and protects the VPN Client PC from Internet
attacks while the VPN Client is connected to a VPN Concentrator through an IPSec
tunnel. This integrated firewall includes a feature called Stateful Firewall
(Always On)."


The fact that you CAN do it doesn't mean that you SHOULD do it.  There
is disagreement, even on this list; I don't think that you should.

From the VPN Concentrator help screen
"Split tunneling is primarily a traffic management feature, not a
security feature. In fact, for optimum security, we recommend that you
not enable split tunneling."

That said . . . "split tunnelling" is the key term.  It is configured
in the GROUP settings, on the CLIENT CONFIG tab of the VPN
concentrator admin console, accessed by browsing to the concentrator
and logging on.  There is a bit more to split tunneling than just
turning it on; the online help from the VPN concentrator explains it
pretty well.  The settings can be made VERY specific, or there are
three "standard ones"
- tunnel everything, which is the standard
- tunnel everything except specific traffic - this allows local printing, etc.
- tunnel only specific traffic - this allows internet access at the client side


I was looking to hear from people who have this type of set-up and can point me
to the proper docs.  Cisco has a lot of docs on their site and I was hoping for
a pointer to one or two that would help me down the right path.


Satisfied?

