Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > PIX506E and VPN and Web Browsing

Reply
Thread Tools

PIX506E and VPN and Web Browsing

 
 
bob
Guest
Posts: n/a
 
      07-26-2004
I have a PIX 506E setup with Remote users VPN'ing IN. They say they also
want to surf the web while connected to the VPN.
I was told by a Cisco rep not to allow this.
What is the opinion of everyone else?
Please list Pro's and Con's to consider.....

David

 
Reply With Quote
 
 
 
 
S. Gione
Guest
Posts: n/a
 
      07-26-2004
If they are establishing VPN using remote client, they can surf simply by
not establishing the VPN session. You might as well permit split-tunneling.

If they are at a remote site behind a PIX/router site-to-site VPN it then is
a corporate policy issue.


"bob" <(E-Mail Removed)> wrote in message
news:d_9Nc.6$(E-Mail Removed)3.com...
> I have a PIX 506E setup with Remote users VPN'ing IN. They say they also
> want to surf the web while connected to the VPN.
> I was told by a Cisco rep not to allow this.
> What is the opinion of everyone else?
> Please list Pro's and Con's to consider.....
>
> David
>



 
Reply With Quote
 
 
 
 
PES
Guest
Posts: n/a
 
      07-26-2004
The main reason that people do not allow this is to alleviate the
possibility of someone gaining control of the pc that is the vpn client and
utilizing resources on the network. For example installing back orifice on
a pc with access to an accounting package (over vpn) could allow an attacker
to manipulate the accounting software that is utilizing the vpn. A more
realistic concern of mine is someone acquiring an smb based worm (such as
blaster) then connecting to my network. Although disabling split tunneling
reduces this risk it is still very, very possible. It is hard to block that
without blocking required smb functionality. I think this argument (as well
as the vpn filter policy) also requires understanding if the vpn client pc's
are administratively yours to control or not.

"bob" <(E-Mail Removed)> wrote in message
news:d_9Nc.6$(E-Mail Removed)3.com...
> I have a PIX 506E setup with Remote users VPN'ing IN. They say they also
> want to surf the web while connected to the VPN.
> I was told by a Cisco rep not to allow this.
> What is the opinion of everyone else?
> Please list Pro's and Con's to consider.....
>
> David
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco 1841 and Pix506e VPN aimeruko General Computer Support 0 09-26-2006 07:50 AM
XP SP-2 Client VPN Connection thru PIX506E to W2K server Problem Leon Willard Cisco 0 07-01-2005 07:01 PM
New Pix506e and VPN Client software help needed!!! pickjunior@hotmail.com Cisco 5 12-08-2004 09:20 PM
How to provide a VPN with PIX506E Michel Cisco 2 11-05-2004 10:51 PM
VPN Client / PIX506e Ian Sime Cisco 0 01-28-2004 02:14 PM



Advertisments