PIX506E and VPN and Web Browsing

Discussion in 'Cisco' started by bob, Jul 26, 2004.

  1. bob

    bob Guest

    I have a PIX 506E setup with Remote users VPN'ing IN. They say they also
    want to surf the web while connected to the VPN.
    I was told by a Cisco rep not to allow this.
    What is the opinion of everyone else?
    Please list Pro's and Con's to consider.....

    David
    bob, Jul 26, 2004
    #1
    1. Advertising

  2. bob

    S. Gione Guest

    If they are establishing VPN using remote client, they can surf simply by
    not establishing the VPN session. You might as well permit split-tunneling.

    If they are at a remote site behind a PIX/router site-to-site VPN it then is
    a corporate policy issue.


    "bob" <> wrote in message
    news:d_9Nc.6$3.com...
    > I have a PIX 506E setup with Remote users VPN'ing IN. They say they also
    > want to surf the web while connected to the VPN.
    > I was told by a Cisco rep not to allow this.
    > What is the opinion of everyone else?
    > Please list Pro's and Con's to consider.....
    >
    > David
    >
    S. Gione, Jul 26, 2004
    #2
    1. Advertising

  3. bob

    PES Guest

    The main reason that people do not allow this is to alleviate the
    possibility of someone gaining control of the pc that is the vpn client and
    utilizing resources on the network. For example installing back orifice on
    a pc with access to an accounting package (over vpn) could allow an attacker
    to manipulate the accounting software that is utilizing the vpn. A more
    realistic concern of mine is someone acquiring an smb based worm (such as
    blaster) then connecting to my network. Although disabling split tunneling
    reduces this risk it is still very, very possible. It is hard to block that
    without blocking required smb functionality. I think this argument (as well
    as the vpn filter policy) also requires understanding if the vpn client pc's
    are administratively yours to control or not.

    "bob" <> wrote in message
    news:d_9Nc.6$3.com...
    > I have a PIX 506E setup with Remote users VPN'ing IN. They say they also
    > want to surf the web while connected to the VPN.
    > I was told by a Cisco rep not to allow this.
    > What is the opinion of everyone else?
    > Please list Pro's and Con's to consider.....
    >
    > David
    >
    PES, Jul 27, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ian Sime

    VPN Client / PIX506e

    Ian Sime, Jan 28, 2004, in forum: Cisco
    Replies:
    0
    Views:
    492
    Ian Sime
    Jan 28, 2004
  2. Michel
    Replies:
    2
    Views:
    610
    AlberTUX
    Nov 5, 2004
  3. Replies:
    5
    Views:
    501
    Terry
    Dec 8, 2004
  4. Leon Willard
    Replies:
    0
    Views:
    470
    Leon Willard
    Jul 1, 2005
  5. aimeruko

    Cisco 1841 and Pix506e VPN

    aimeruko, Sep 26, 2006, in forum: General Computer Support
    Replies:
    0
    Views:
    1,524
    aimeruko
    Sep 26, 2006
Loading...

Share This Page