Re: [PCTECH] VPN Set-Up (Cisco)

[Tom Jedrzejewicz <tomjedrz@xxxxxxxxx>]

On Tue, 23 Nov 2004 11:07:35 -0600, Scott Johnson
<sjohnson@xxxxxxxxxxxxxxxxxxxx> wrote:

> We are using Cisco VPN Client to get access to company's network from home.
> Right now when I connect up I can only access the company's network.  No web
> browsing, No local network printing, & etc.

This is exactly how I would set it up, and how I have the VPN
connections setup for our company.  Think of it this way . . . if the
local PC, which is outside of your firewall on an uncontrolled
internet connection, can access the internet AND the internal network,
then it can become a bridge, right around your firewall, between the
internet and the internal network.

There is a setting on the Cisco VPN agent (in the Connection
definition) for "allow local LAN access".  I think it will allow for
printing on your homw network, but not internet access via your home
network.

> At a previous job, I swear we were able to connect up via vpn client and still
> access the Internet and such.  If I continue to remember correctly, only the
> traffic that was suppose to goto the company's network went there. The rest 
> was
> handled locally.  I don't think the browser traffic was sent thru the VPN
> connection.

If you were the security person at the previous job bowed to user
pressure and made a poor choice (IMHO).

> Has anybody set this sort of connection up via the Cisco VPN?  I check the 
> Cisco
> site and they have a lot of docs there.  Can somebody point me to one that 
> will
> help in this type of set-up?

I am pretty sure it can be done, but I wouldn't do it.  For web
access, I would get the VPN setup to grab all web traffic and force it
through the company firewall.  There may be some routing issues on the
internal network as well.

-- 
Tom Jedrzejewicz
tomjedrz@xxxxxxxxx