You are creating a security risk for the other end of the tunnel when you
are using split-tunneling from your client.  

louieb



-----Original Message-----
From: Craig Columbus [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 25, 2002 6:49 PM
To: [EMAIL PROTECTED]
Subject: RE: Alternatives to Cisco VPN client [7:42604]


Thanks for the responses.

I'm aware of split tunneling with a concentrator.  That's not what I want.
I'm looking for something that lets me connect to any IPSEC compliant 
endpoint, whether it's a PIX, a router, or a Linux box.  In other words, 
the client shouldn't care what it's connecting to.  It should only care 
whether the traffic has a destination within the remote network or not.  If 
so, send through tunnel, if not, send to Internet.

Hope this helps clarify.

Thanks!
Craig

At 07:39 PM 4/25/2002 -0400, you wrote:
>You can definitely do this using the Cisco VPN client. This is a policy push
>from the concentrator. If you would like split-tunneling you need to enable
>that on the concentrator to allow the clients to do that.
>
>http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel3_5_1/admin_gd/vca.pdf
>
>Tim
>CCIE 9015
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>Craig Columbus
>Sent: Thursday, April 25, 2002 6:25 PM
>To: [EMAIL PROTECTED]
>Subject: Alternatives to Cisco VPN client [7:42604]
>
>
>Let me preface this by saying that all of my VPN experience has been either
>peer-peer or client to peer with the Cisco VPN client 1.x or 3.x.  Please
>ignore my ignorance if I've missed something obvious.
>
>I've got a major complaint with the Cisco VPN client.  It's not smart
>enough to differentiate local traffic/Internet traffic from VPN
>traffic.  Therefore, you can't browse the Internet and your VPN network at
>the same time.
>I'm looking for alternative software clients that are smart enough to say
>"Ok.  Any traffic destined for 10.x.x.x (or whatever you define VPN traffic
>to be) goes to the tunnel.  If the traffic has any destination other than
>10.x.x.x, it's treated as if the tunnel weren't even present."  This would
>allow my client machine to easily browse the Internet and the VPN remote
>network at the same time.
>I've done some preliminary searches for third-party clients, but don't want
>to waste time trying 50 clients that may not be any good.  I've found some
>for Mac OS X that'll do what I want, but I haven't found one for Win
>9x/ME/NT/2K/XP.
>There's got to be a decent client that does this.
>Sorry for rambling.... :-)  It's been a long day.
>
>As usual, thanks in advance to everyone.
>
>Craig




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42622&t=42604