Re: VPN Client for Windows 5.01
- From: News Reader <user@xxxxxxxxxxx>
- Date: Wed, 16 Apr 2008 10:22:32 -0400
rg wrote:
Is there a way to configure Windows or the VPN client to block all Internet traffic unless a successful VPN connection is made?
Thanks in advance
When you configure policy on the Easy VPN Server (policies are pushed to the client), you have the option of configuring "split-tunnelling", or not. If you do not enable split-tunnelling, all traffic will go through the tunnel (when the tunnel is up), even traffic destined for the Internet. This can allow you to enforce security policies implemented at the head end (e.g.: firewall).
Until the tunnel is up, you have to rely on Windows mechanisms to curb Internet traffic. You should be able to use the Windows Firewall or some other third-party firewall to limit the range of IP addresses to which your host can connect.
Hopefully, your firewall would allow you to define different rules on an interface-by-interface basis. The rules you would implement on the LAN interface might differ from those implemented on the VPN interface.
Presumably the firewall might act on the encapsulated IP headers, and not just the encapsulating IP headers. You'd have to experiment to find out. I've not explored this myself.
Best Regards,
News Reader
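
Added example, not part of the original post: one way to express the firewall approach described in the reply using the Windows Defender Firewall cmdlets found on current Windows versions (which postdate this thread). The gateway address, adapter alias and rule group name are placeholders chosen for illustration, and IKE/NAT-T/ESP as the tunnel transport is an assumption about how the client connects.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# All three values below are hypothetical placeholders.
$VpnGateway = '192.0.2.10'           # head-end address (constructed, TEST-NET-1)
$VpnAlias   = 'VPN Virtual Adapter'  # confirm the real name with Get-NetAdapter
$Group      = 'VPN-only egress'      # tag so the rules can be found and removed later

# 1. Review what is already allowed out. Enabled allow rules (for example the
#    Core Networking group) keep matching after the default action changes,
#    so disable any that are not wanted on the physical interface.
Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow |
    Select-Object DisplayName, DisplayGroup, Profile |
    Sort-Object DisplayGroup

# 2. Outbound traffic that matches no allow rule is dropped on every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 3. Before the tunnel is up: permit only tunnel setup, and only to the head end.
New-NetFirewallRule -DisplayName 'VPN IKE and NAT-T to head end' -Group $Group `
    -Direction Outbound -Action Allow -Protocol UDP -RemotePort 500,4500 `
    -RemoteAddress $VpnGateway
New-NetFirewallRule -DisplayName 'VPN ESP to head end' -Group $Group `
    -Direction Outbound -Action Allow -Protocol 50 `
    -RemoteAddress $VpnGateway

# 4. After the tunnel is up: a separate, broader rule bound to the VPN
#    interface only, so the LAN interface stays restricted to step 3.
New-NetFirewallRule -DisplayName 'Allow all via VPN adapter' -Group $Group `
    -Direction Outbound -Action Allow -InterfaceAlias $VpnAlias

# Verify what was created.
Get-NetFirewallRule -Group $Group |
    Select-Object DisplayName, Enabled, Direction, Action

# Rollback:
#   Remove-NetFirewallRule -Group $Group
#   Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
```

If the client reaches the gateway by hostname, DNS to the resolver must also be allowed before the tunnel comes up; using the gateway's IP address in the connection profile avoids that extra rule.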