Hi Chandler,
To secure the laptop of company a while connected via VPN form company B my suggestion is to run the Client Firewall feature the concentrator has, (this is why I love this device so much). While you are connected via VPN, the concentrator will inject a set of rules, (a firewall configuration), that will run on the PC while connected. In other words: COMPANY A CVPN 300XLAPTOP++++COMPANY B (DOMAIN) + + PC1 LAPTOP is connected to company B directly right? Ok, PC1 should be able to "ping" LAPTOP due they belong to the same network. If LAPTOP is connected to CVPN300X, the concentrator will inject a firewall set of rules, (like a PIX), that will avoid PC1 to ping LATOP, in other words the VPN client installed is protecting and is acting as a firewall for its own. This means that while LAPTOP is connected, no one from company B will be able to ping it, if LAPTOP is disconnected from the CVPN300X, no PC1 will be able to ping it, due the firewall was removed with the tunnel as well. For more details on this please check the link below: Client FW Parameters Tab (version 4.X) http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_0/config/userm gt.htm#1759740 My two cents, Frank Costa Rica ----- Original Message ----- From: "Chandler Mike" To: Sent: Monday, August 25, 2003 6:06 PM Subject: help with vpn scenario [7:74366] > Please help with the following scenario: A laptop user works for Company A > and possesses a Company A laptop that belongs to their domain. The user has > needs to frequently access confidential records that belong to Company A, > while on another company's network. > > The user also works onsite (with Company A's laptop) of another company, > Company B. This company has its own network, unrelated and not tied into > Company A's network in any way. How does the user access a vpn concentrator > located at Company A while working onsite at Company B without logging on to > their domain? The laptop has the cisco vpn client installed on it and the > user uses it from home fine. But how does one setup a secure method of > having the user vpn into Company A while on another company's network > without compromising the data on the laptop? > > This is a real scenario, sorry if I am overlooking some obvious things, but > I would appreciate any input on making this work. Thanks > > Mike C > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74382&t=74366 -------------------------------------------------- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
