Re: Split Tunnel Question
- From: roberson@xxxxxxxxxxxx (Walter Roberson)
- Date: Thu, 14 Sep 2006 19:37:17 GMT
In article <1158261026.613045.309590@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
<nt_pete@xxxxxxxxxxx> wrote:
> Thanks for the quick reply. So it looks like I need to:
> 1. Create new VPN group

That's probably for the best. Don't give the split tunnel to
people who don't need it.

> 2. Make sure new group receives different network from home office
> 3. New group should use home DNS/WINS

Is there a good reason that they need to use the home DNS?
Your HQ is probably better protected against DNS poisoning
and such. But more so, those users are probably going to expect to
resolve your internal hostnames, which you probably shouldn't publish
to the outside world, so you probably want them to resolve through
the HQ DNS.

Similarly, you probably need to use the HQ WINS: if you need
WINS at all in your network then your users are going to expect to
be talking to your inside devices, which had better not work if
they are using an external WINS.

> 4. Create the access list for home network
> 5. Include the split tunnel command for new VPN group.
> Anything else?