Re: VPN Client for Windows 5.01



rg wrote:
Is there a way to configure Windows or the VPN client to block all internet traffic unless a successful VPN connection is made?

Thanks in advance


When you configure policy on the Easy VPN Server (policies are pushed to the client), you have the option of configuring "split-tunnelling", or not. If you do not enable split-tunnelling, all traffic will go through the tunnel (when the tunnel is up), even traffic destined for the Internet. This can allow you to enforce security policies implemented at the head end (e.g.: firewall).

Until the tunnel is up, you have to rely on Windows mechanisms to curb Internet traffic. You should be able to use the Windows Firewall or some other third-party firewall to limit the range of IP addresses to which your host can connect.

Hopefully, your firewall would allow you to define different rules on an interface-by-interface basis. The rules you would implement on the LAN interface might differ from those implemented on the VPN interface.

Presumably the firewall might act on the encapsulated IP headers, and not just the encapsulating IP headers. You'd have to experiment to find out. I've not explored this myself.

Best Regards,
News Reader
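
The approach described in the reply above, as an added example that is not part of the original post: a PowerShell sketch for Windows versions that ship the NetSecurity module, using per-interface Windows Firewall rules so the physical adapter can reach only the VPN gateway. The gateway address, both adapter names, and the choice of standard IPsec ports (IKE, NAT-T, ESP) are assumptions; whether the client's virtual adapter is matched as shown needs testing on your setup.

```powershell
# Run from an elevated PowerShell prompt.
# Constructed values: none of these come from the thread. Replace with your own.
$GatewayIp = '203.0.113.10'   # VPN head-end address (documentation-range placeholder)
$LanAlias  = 'Ethernet'       # physical adapter name (assumed)
$VpnAlias  = 'VPN Adapter'    # virtual adapter created by the VPN client (assumed;
                              # the adapter must exist when the rule is created)
$Group     = 'VPN-only egress (example)'

# Tunnel setup and transport traffic, allowed on the physical adapter
# and only toward the gateway. Standard IPsec ports are assumed here.
$tunnelRules = @(
    @{ Name = 'IKE';         Protocol = 'UDP'; Port = 500   },
    @{ Name = 'IPsec NAT-T'; Protocol = 'UDP'; Port = 4500  },
    @{ Name = 'ESP';         Protocol = '50';  Port = $null }
)

foreach ($r in $tunnelRules) {
    $params = @{
        DisplayName    = "Allow $($r.Name) to VPN gateway"
        Group          = $Group
        Direction      = 'Outbound'
        Action         = 'Allow'
        InterfaceAlias = $LanAlias
        RemoteAddress  = $GatewayIp
        Protocol       = $r.Protocol
    }
    if ($r.Port) { $params.RemotePort = $r.Port }   # ESP has no port number
    New-NetFirewallRule @params | Out-Null
}

# Traffic that leaves through the VPN adapter is allowed; the head end
# applies its own policy when split-tunnelling is disabled.
New-NetFirewallRule -DisplayName 'Allow all via VPN adapter' -Group $Group `
    -Direction Outbound -Action Allow -InterfaceAlias $VpnAlias | Out-Null

# Flip the default last, so the allow rules are in place before
# unmatched outbound traffic starts being dropped.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# Check the result.
Get-NetFirewallRule -Group $Group | Select-Object DisplayName, Enabled, Action
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction
```

Outbound allow rules that were already enabled before this change still match, so review them, and confirm the built-in DHCP rule remains enabled so the LAN adapter can still obtain an address. To undo, run `Remove-NetFirewallRule -Group 'VPN-only egress (example)'` and set `-DefaultOutboundAction Allow`.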