... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

comp.dcom.vpn

VPN protocols, clients, awesomeness

2,349 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 1,774 of 2,349

Mike Drechsler - SPAM PROTECTED EMA to Bailey

Re: VPN connection kills Internet Connec

11 Oct 05 19:40:57

   From: mike-newsgroup@-DELETETHISPART-.upcraft.com   

   Bailey wrote:   
   > On Tue, 11 Oct 2005 12:34:23 +0200, Martin Bodenstedt   
   >  typed:   
   >   
   >   
   >>Bailey schrieb:   
   >>   
   >>>On Tue, 11 Oct 2005 08:44:27 +0200, Martin Bodenstedt   
   >>> typed:   
   >>   
   >>>>One your VPN tunnel is up and running *all* traffic must go through your   
   >>>>company's internet connection.   
   >>   
   >>>Interesting. I was under the impression that connections remained   
   >>>separate. Which makes it even more confusing because other   
   >>>co-workers can use their other applications while connected through   
   >>>the VPN. I seem to be the exception to the rule.   
   >>   
   >>You should be able to use your applications as long as you don't need   
   >>your own lan.   
   >>   
   >>Internet should be accessible through your company's firewall (you might   
   >>have to set a proxy though).   
   >   
   >   
   > Martin;   
   > That's the odd thing. I can't access the Internet through the   
   > company's firewall either. And as far as we can determine a proxy   
   > isn't necessary, though I will bring that issue up again today.   
   > Thanks for your ideas.   

   If the company firewall is not routing the data to the internet, then   
   they may be able to change the configuration to allow this.  On   
   equipment I have used, if the default settings didn't do it, then I   
   usually need to create a separate NAT rule to translate traffic on the   
   VPN virtual interfaces as a separate rule.   

   If you are using the built in Windows PPTP/L2TP client.  You could also   
   build a package using the dialup network administration kit tool that is   
   in Windows 2003 server to create a connectoid that includes the option   
   to not use default gateway on remote network but also includes some   
   static route entries for the VPN to allow you access into other subnets   
   on the company network.  That's a task for your network administrator   
   though, but you could mention it.   

   Generally though, best practises dictate that while you are connected   
   through the company network you should be using the company firewall to   
   prevent attacks on your machine from giving the remote attacker access   
   to your active VPN connections.  At least if the attacker does the   
   attack through the company firewall then it's a problem that would have   
   happened if you were on the VPN or at work so nobody can blame the VPN   
   for causing a problem that wouldn't have happened otherwise.   

   --   
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)   

   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]