Is there a way to configure Windows or the VPN client to block all Internet traffic unless a successful VPN connection is made?

When you configure policy on the Easy VPN Server (policies are pushed to the client), you have the option of configuring "split-tunnelling", or not. If you do not enable split-tunnelling, all traffic will go through the tunnel (when the tunnel is up), even traffic destined for the Internet. This can allow you to enforce security policies implemented at the head end (e.g., a firewall).

Until the tunnel is up, you have to rely on Windows mechanisms to curb Internet traffic. You should be able to use the Windows Firewall or some other third-party firewall to limit the range of IP addresses to which your host can connect.

Hopefully, your firewall would allow you to define different rules on an interface-by-interface basis. The rules you would implement on the LAN interface might differ from those implemented on the VPN interface.

Presumably the firewall might act on the encapsulated IP headers, and not just the encapsulating IP headers. You'd have to experiment to find out. I've not explored this myself.
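The Windows Firewall approach the answer describes, written out as an added example (this is not from the original post or from Cisco): the default outbound action is set to Block, and only the traffic needed to bring the tunnel up, plus anything leaving through the VPN adapter, is allowed. The VPN server address (203.0.113.10), the adapter alias ("Cisco VPN"), and the assumption that the client uses IKE on UDP 500/4500 with ESP are all placeholders; check the real adapter name with Get-NetAdapter and the real ports against your client's configuration.

```powershell
# Added example: a VPN "kill switch" built from the Windows Firewall, as the answer suggests.
# Assumptions (not from the original post): the VPN server is 203.0.113.10 (a documentation
# address standing in for yours), the VPN adapter's alias is "Cisco VPN", and the tunnel uses
# IKE (UDP 500, UDP 4500 for NAT-T) and ESP (IP protocol 50). Run from an elevated PowerShell
# on Windows 8 / Server 2012 or later, where the NetSecurity cmdlets are available.

$VpnServer  = '203.0.113.10'
$VpnAdapter = 'Cisco VPN'
$RuleGroup  = 'VPN kill switch'

# 1. Block everything outbound by default on all three profiles. Existing Allow rules still
#    apply, so review them (Get-NetFirewallRule -Direction Outbound -Action Allow) afterwards.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 2. Allow only what is needed to establish the tunnel:
#    DHCP to get an address, DNS to the local resolver to look up the gateway name,
#    and IKE/ESP to the VPN server itself.
New-NetFirewallRule -DisplayName 'Allow DHCP client' -Group $RuleGroup `
    -Direction Outbound -Action Allow -Protocol UDP -RemotePort 67
New-NetFirewallRule -DisplayName 'Allow DNS to local resolver' -Group $RuleGroup `
    -Direction Outbound -Action Allow -Protocol UDP -RemotePort 53 -RemoteAddress LocalSubnet
New-NetFirewallRule -DisplayName 'Allow IKE to VPN server' -Group $RuleGroup `
    -Direction Outbound -Action Allow -Protocol UDP -RemotePort 500,4500 -RemoteAddress $VpnServer
New-NetFirewallRule -DisplayName 'Allow ESP to VPN server' -Group $RuleGroup `
    -Direction Outbound -Action Allow -Protocol 50 -RemoteAddress $VpnServer

# 3. Allow all outbound traffic that leaves via the VPN adapter, i.e. traffic that will be
#    carried inside the tunnel. Nothing else can reach the Internet directly.
New-NetFirewallRule -DisplayName 'Allow all via VPN adapter' -Group $RuleGroup `
    -Direction Outbound -Action Allow -InterfaceAlias $VpnAdapter

# 4. Show the resulting rule set for review.
Get-NetFirewallRule -Group $RuleGroup | Format-Table DisplayName, Enabled, Action, Direction

# Rollback (if the tunnel never comes up and you need Internet access back):
#   Remove-NetFirewallRule -Group 'VPN kill switch'
#   Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
```

Rule 3 is the per-interface distinction the answer hopes for: the physical LAN adapter only ever gets rules 2, and the virtual VPN adapter gets a blanket allow. Whether traffic inside the tunnel is actually presented to the firewall on a separate adapter depends on the client (a client that installs a virtual adapter will match the alias; one that encrypts at the IP layer without its own adapter may not), which is the point the answer says you have to test for yourself.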

