We use a CISCO device, and some CISCO client software on the PCs. We had split tunneling turned on, letting a workstation at home access our whole network including the iSeries systems concurrently with access to the internet via the cable modem. Worked GREAT! Speed and convenience were excellent. Better than being at the office.

Then our network group got scared over a story about the sub-seven trojan getting stuff up and down the VPN tunnel and then up and down the internet tunnel. That made them turn off split tunneling and now when you connect to our VPN it changes your IP address and it acts like a dial up. Still faster, but only dedicated to the VPN session.

Oh, and any file, printer or what have you sharing behind your own firewall? <boom> You've disappeared from your own network and been assimilated into the work network. Kills backups from my laptop to my desktop hard drives, kills printer sharing, etc. GRRRR... Now VPN is almost useless to me.

Lots of 'discussion' over the business ethics of the company coming into my network and changing settings, basically protecting its network by attacking mine.

-----Original Message-----
From: Vern Hamberg [mailto:vhamberg@centerfieldtechnology.com]
Sent: Tuesday, February 04, 2003 1:17 PM
To: Midrange Systems Technical Discussion
Subject: RE: VPN

Chuck, we have a LinkSys VPN appliance that acts as our firewall - low buck, I know, and there are other more secure options. That unit is exposed to the outside world. From home I use a VPN client on my W98 machine. Others have XP, which has IPSEC built in and can be configured nicely for this router. The goal is to shut down everything and only allow VPN traffic into the internal network. This router uses essentially a password (shared secret), not a digital certificate, so it is more crackable than other systems.

There are a number of architectures for firewall/VPN setups that I've seen - I like the integrated appliance approach, but others know the alternatives.

For us this is adequate. We've tried to understand, to some degree, anyway, our exposure, and are satisfied with the cost-risk-benefit of this setup. But please do not go with a solution until you've looked at the risks and the value of what you are protecting, and the cost of protecting it. There's no one-size-fits-all solution, IMO.

Cheers

Vern

At 02:00 PM 2/4/2003 -0500, you wrote:
>I am new to all of this (as of late last year and a VPN to allow our Sales
>folks to access our AS/400). As you note, this was not always supported.
>
>Our AS/400 isn't public and the VPN router sits behind a firewall. Is that
>of concern?
>
>Thanks,
>
>Chuck
>

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.