From: rg on 16 Apr 2008 00:23

Is there a way to configure Windows or the VPN client to block all internet
traffic unless a successful VPN connection is made?

Thanks in advance

From: Uli Link on 16 Apr 2008 01:07

rg wrote:
> Is there a way to configure Windows or the VPN client to block all internet
> traffic unless a successful VPN connection is made?

If "all" traffic is blocked (which is possible), how should the VPN gateway be reached?

--
Uli

From: rg on 16 Apr 2008 07:41

Either a) the block is removed when the VPN client is attempting to connect, or b) keep only ports 53 and 10000 open?

"Uli Link" <VonRechts.NachLinks(a)usenet.arcornews.de> wrote in message news:48058998$0$635$9b4e6d93(a)newsspool1.arcor-online.net...
> rg wrote:
>> Is there a way to configure Windows or the VPN client to block all internet
>> traffic unless a successful VPN connection is made?
>
> If "all" traffic is blocked (which is possible), how should the VPN gateway
> be reached?
>
> --
> Uli

From: News Reader on 16 Apr 2008 10:22

rg wrote:
> Is there a way to configure Windows or the VPN client to block all internet
> traffic unless a successful VPN connection is made?
>
> Thanks in advance
>

When you configure policy on the Easy VPN Server (policies are pushed to the client), you have the option of configuring "split-tunnelling", or not.

If you do not enable split-tunnelling, all traffic will go through the tunnel (when the tunnel is up), even traffic destined for the Internet. This can allow you to enforce security policies implemented at the head end (e.g.: firewall).

Until the tunnel is up, you have to rely on Windows mechanisms to curb Internet traffic.

You should be able to use the Windows Firewall or some other third-party firewall to limit the range of IP addresses to which your host can connect.

Hopefully, your firewall would allow you to define different rules on an interface-by-interface basis. The rules you would implement on the LAN interface might differ from those implemented on the VPN interface.

Presumably the firewall might act on the encapsulated IP headers, and not just the encapsulating IP headers. You'd have to experiment to find out. I've not explored this myself.

Best Regards,
News Reader
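
Added example (not part of the original thread and not any poster's code): option b) from rg's reply combined with the per-interface rules News Reader suggests, written as Windows Firewall rules in PowerShell. The gateway address, the adapter alias, the rule group name, and the use of both TCP and UDP for port 10000 are assumptions; whether the firewall filters traffic on the VPN adapter as intended has to be tested, as News Reader notes.

```powershell
#Requires -RunAsAdministrator
# Added example: allow only VPN setup traffic until the tunnel is up.
# Ports 53 and 10000 come from the thread; every other value is an assumption.

$VpnGateway   = '203.0.113.10'     # placeholder address (documentation range)
$VpnInterface = 'VPN Adapter'      # hypothetical alias; list real ones with Get-NetAdapter
$Group        = 'VPN-only egress'  # hypothetical group name, used for clean removal

# 1. Default-deny outbound on every profile. Only explicit allow rules pass.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 2. Tunnel establishment: port 10000, and only towards the VPN gateway.
#    Both transports are allowed because the thread does not say which is used.
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "VPN gateway $proto 10000" -Group $Group `
        -Direction Outbound -Action Allow -Protocol $proto `
        -RemoteAddress $VpnGateway -RemotePort 10000 | Out-Null
}

# 3. DNS, so the gateway name can be resolved before the tunnel exists.
#    Adding -RemoteAddress with a known resolver narrows this rule further.
New-NetFirewallRule -DisplayName 'DNS lookup UDP 53' -Group $Group `
    -Direction Outbound -Action Allow -Protocol UDP -RemotePort 53 | Out-Null

# 4. Once the tunnel is up, traffic leaving through the VPN adapter is allowed.
#    With split-tunnelling disabled on the server, that is all remaining traffic.
New-NetFirewallRule -DisplayName 'All traffic via VPN adapter' -Group $Group `
    -Direction Outbound -Action Allow -InterfaceAlias $VpnInterface | Out-Null

# 5. Other enabled outbound allow rules still take effect under default-deny.
#    List them so each one can be reviewed and disabled if it is not needed.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Where-Object { $_.Group -ne $Group } |
    Select-Object DisplayName, Profile

# Rollback:
#   Remove-NetFirewallRule -Group $Group
#   Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
```

Verify the result with the tunnel down: a connection to any address other than the gateway should fail, and name resolution should still work.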