Re: seeing outside corporate network when on VPN
- From: "stephen" <stephen_hope@xxxxxxxxxxxx>
- Date: Wed, 30 Jan 2008 17:49:49 GMT
"Jeff Liebermann" <jeffl@xxxxxxxxxx> wrote in message
news:4ta0q3l5rji2tmdug0phtd7edotr4mrrqp@xxxxxxxxxx
dold@xxxxxxxxxxxxxxxx hath wroth:
Jeff Liebermann <jeffl@xxxxxxxxxx> wrote:
That's the usual way a VPN is set up. When you're connected to the
corporate LAN (through the VPN), then you do not have access to the
internet.
I disagree. Your route to the internet is through the corporate LAN, not
usually cut off. Most companies allow access to the internet.
Huh? I can't tell if you're suggesting that the route to the internet
must be through the corporate LAN, or if you're suggesting that it
might be. Either way will work because the only machines that should
be accessible through the VPN are those on the corporate LAN. Surfing
the web through the corporate LAN is not my idea of efficient use of
bandwidth.
Corporate security teams don't care about efficiency - just "do it my way or
else" :)
You can tweak it by changing the setting for the default gateway.
I disagree. If the corporate VPN is tunneled, you have no access to your
local LAN at all, including your own gateway.
PPTP VPN TCP/IP setup has the option of "use default gateway on remote
network" as in:
<http://technet.microsoft.com/en-us/library/bb878117.aspx>
which explains how to get simultaneous internet and VPN access (split
tunnel), something I consider to be a generally bad idea. All other
VPN clients have a similar option.
Even with a split tunnel on a Nortel VPN, I can't change the routing once
the VPN is started. Some things I can set permanent routes for before I
connect the VPN, some are taken by the corporate VPN.
Well yeah. Nortel and SecureNet based VPN clients have mandatory
settings that override any tinkering you attempt. However, know that
I can set up a VPN using the SecureNet client, NOT enable mandatory
settings, and tinker away merrily.
The VPN server can be set up to force the "no split tunnel" option on
some products.
"no split tunnel" seems to override the routing table on a Cisco VPN client
so all the user traffic goes through the tunnel.
There was a rash of VPN products that would "policy check" the client a few
years back.
The idea was the PC would have to have the right config running, virus
checker up to date etc, or it is not allowed onto the corp network until
that is fixed - it gets parked in a crippled DMZ where upgrades can be done
instead.
--
--
Jeff Liebermann jeffl@xxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
Regards
stephen_hope@xxxxxxxxxxxx - replace xyz with ntl
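
Added example, not part of any poster's message: a routing-table check for the split tunnel versus "use default gateway on remote network" behaviour discussed in this thread. The tables, interface names (`vpn0`, `eth0`) and addresses are constructed for illustration; route selection is assumed to be longest prefix first, then lowest metric.

```python
import ipaddress

# Constructed routing tables: (destination prefix, interface, metric).
# Interface names and addresses are made up for illustration.
FULL_TUNNEL = [
    ("0.0.0.0/0", "vpn0", 1),         # default gateway on remote network
    ("0.0.0.0/0", "eth0", 20),        # original default route, now outranked
    ("192.168.1.0/24", "eth0", 20),   # local LAN, on-link
    ("203.0.113.10/32", "eth0", 1),   # host route to the VPN server itself
    ("10.0.0.0/8", "vpn0", 1),        # corporate LAN
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0", 20),        # internet stays on the local gateway
    ("192.168.1.0/24", "eth0", 20),
    ("203.0.113.10/32", "eth0", 1),
    ("10.0.0.0/8", "vpn0", 1),        # only corporate prefixes enter the VPN
]

def egress_interface(routes, dest):
    """Pick the route by longest prefix, then lowest metric; None if no match."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, -metric, iface))
    return max(matches)[2] if matches else None

def tunnel_mode(routes, vpn_if, internet_probe="198.51.100.7"):
    """Classify by where a public (documentation-range) address would be sent."""
    if egress_interface(routes, internet_probe) == vpn_if:
        return "full tunnel"
    return "split tunnel"

def outside_tunnel(routes, vpn_if, dests):
    """Destinations whose traffic would leave without entering the VPN."""
    return [d for d in dests if egress_interface(routes, d) not in (vpn_if, None)]

if __name__ == "__main__":
    probes = ["198.51.100.7", "192.168.1.50", "10.1.2.3"]
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, tunnel_mode(table, "vpn0"), outside_tunnel(table, "vpn0", probes))
```

In the constructed full-tunnel table the more specific local subnet route still wins over the VPN default route, which is the kind of entry an enforcing client would have to override or filter.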