Posted by on January 10, 2006, 12:16 pm
Thanks for your help, I appreciate it
Simon wrote:
> Martin Bodenstedt wrote:
> > ioevanc@gmail.com schrieb:
> >
> >> Hello
> >>
> >> I have a Windows Server 2003 configured as a remote access VPN server.
> >> Everything works perfectly, however when I connect from a client
> >> machine to the VPN my internet connection gets taken over by the
> >> server's internet connection, in other words, not only is it routing my
> >> LAN but also the internet connection the server is on.
> >
> >
> > This is by design.
> >
> > Once your VPN connection is open the VPN client should only allow
> > traffic through the tunnel for security reasons (keyword here is "Split
> > tunneling").
> >
> > This also means that once your PC has the VPN connection open the PC
> > cannot see the LAN anymore (to protect the corporate network from being
> > infiltrated by rogue PCs...)
> >
> >
> Martin is correct, however I'm sure you can still see the local subnet
> Martin, it's only the default route that's affected.
>
> With the Windows client you can get round it though if you consider the
> risks worthwhile, here's what I posted the other day in response to a
> similar question
> "Yes it's a security risk if the remote computer becomes compromised, as
> the internet connection going out locally could allow a back door into
> your network when the client VPN is connected. However with the MS
> client you can open up split routing to do what you need, in the TCP/IP
> properties of the remote PC's connection to you under advanced untick the
> 'use default gateway on remote network' then only traffic destined for
> the subnet that the client VPN address gets goes down the tunnel, all
> else goes out locally. If there is more than one subnet at your location
> the remote clients would need to use the route add command to add the
> additional routes needed. "
> simon
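
The routing behaviour discussed in this thread, as an added example that is not part of any poster's message: a simplified model of the client's route table showing where traffic goes with 'use default gateway on remote network' ticked, unticked, and unticked with an extra route added. All addresses, metrics and the names `LOCAL_GW`, `TUNNEL`, `build_routes`, `next_hop` and `paths` are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumptions, not from the thread):
#   home LAN 192.168.1.0/24, VPN-assigned subnet 192.168.10.0/24,
#   second office subnet 192.168.20.0/24.
LOCAL_GW = "192.168.1.1"   # client's own internet gateway
TUNNEL = "vpn-tunnel"      # stands in for the VPN interface

def build_routes(use_remote_default_gateway, extra_tunnel_routes=()):
    """Simplified client route table: (network, next_hop, metric)."""
    net = ipaddress.ip_network
    routes = [
        (net("0.0.0.0/0"), LOCAL_GW, 20),        # local default route
        (net("192.168.1.0/24"), "on-link", 20),  # home LAN
        (net("192.168.10.0/24"), TUNNEL, 1),     # subnet of the VPN address
    ]
    if use_remote_default_gateway:
        # Box ticked: a lower-metric default route via the tunnel wins.
        routes.append((net("0.0.0.0/0"), TUNNEL, 1))
    # Equivalent of: route add <subnet> mask <mask> <tunnel gateway>
    routes += [(net(n), TUNNEL, 1) for n in extra_tunnel_routes]
    return routes

def next_hop(routes, destination):
    """Longest-prefix match; ties broken by lowest metric."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def paths(routes, destinations):
    """Map each destination to the next hop the client would pick."""
    return {d: next_hop(routes, d) for d in destinations}

if __name__ == "__main__":
    dests = ["203.0.113.10",   # internet host (documentation range)
             "192.168.1.50",   # home LAN
             "192.168.10.5",   # office subnet of the VPN address
             "192.168.20.5"]   # second office subnet
    cases = {
        "box ticked": build_routes(True),
        "box unticked": build_routes(False),
        "unticked + route add": build_routes(False, ["192.168.20.0/24"]),
    }
    for name, table in cases.items():
        print(name, paths(table, dests))
```

In the unticked case the second office subnet falls through to the local default route until the extra route is added.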