|
Tom,
Thanks, Scott
On Tue, 23 Nov 2004 15:31:14 -0600, Scott Johnson <sjohnson@xxxxxxxxxxxxxxxxxxxx> wrote:
I was NOT looking for a "you should not do that" type of answer. I already know
there are pluses and minuses to doing it.
OK, let me get this straight. You ask a question, and then get snippy when some advice is offered instead of a specific answer to your question?
Dude, you aren't paying us. Get over it.
Also, it looks like Cisco already handles the issues some people have. From the Cisco VPN Client help: "The VPN Client includes an integrated stateful firewall that provides protection when split tunneling is in effect and protects the VPN Client PC from Internet attacks while the VPN Client is connected to a VPN Concentrator through an IPSec tunnel. This integrated firewall includes a feature called Stateful Firewall (Always On)."
The fact that you CAN do it doesn't mean that you SHOULD do it. There is disagreement, even on this list; I don't think that you should.
From the VPN Concentrator help screen"Split tunneling is primarily a traffic management feature, not a security feature. In fact, for optimum security, we recommend that you not enable split tunneling."
That said . . . "split tunnelling" is the key term. It is configured in the GROUP settings, on the CLIENT CONFIG tab of the VPN concentrator admin console, accessed by browsing to the concentrator and logging on. There is a bit more to split tunneling than just turning it on; the online help from the VPN concentrator explains it pretty well. The settings can be made VERY specific, or there are three "standard ones" - tunnel everything, which is the standard - tunnel everything except specific traffic - this allow local printing, etc. - tunnel only specific traffic - this allows internet access at the client side
I was looking to hear from people who have this type of set-up and can point me to the proper docs. Cicso has a lot of docs on their sight and I was hoping for a pointer to one or two that would help me down the right path.
Satisfied?
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.