Have you tried the IPSec that is built into Windows 2000?

Daniel Ladrach
CCNA, CCNP
WorldCom

> -----Original Message-----
> From: Craig Columbus [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 26, 2002 1:37 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Alternatives to Cisco VPN client [7:42604]
>
> I certainly appreciate the security risks. However, there are some circumstances where the risks are reduced (notice I'm not saying eliminated) by circumstance. For example, many clients are behind hardware firewalls that allow only designated inbound traffic (forget about tunneling at the firewall for the moment). Additionally, the clients are kept strictly updated with antivirus/trojan detection software. Also, the VPN client itself could be combined with a local personal firewall function, much like the Cisco VPN 3.5 client tries to do with its stateful inspection feature.
>
> I don't see much security difference between a properly configured client allowing this connection and a router-router peer VPN setup that tunnels based on destination address. Of course the routers have access lists controlling tunnel access, but clients could have effectively the same control with proper software installed.
>
> I'm not necessarily debating whether this *should* be done. It's really up to the individual admin to determine. In some cases the security risk is too great, in other situations, it's perfectly acceptable. I just want to see the functionality available.
>
> At 08:35 PM 4/25/2002 -0400, you wrote:
> >On Sep 15, 1:00pm, "Craig Columbus" wrote:
> >}
> >} I've got a major complaint with the Cisco VPN client. It's not smart
> >} enough to differentiate local traffic/Internet traffic from VPN
> >} traffic. Therefore, you can't browse the Internet and your VPN network at
> >} the same time.
> >
> > It is. However, the server gets to decide if it will. Doing so is
> > opening yourself to a great big security hole. Most desktops aren't
> > properly locked down. If a desktop is allowed to use a VPN tunnel and
> > the general internet at the same time, then you are opening the
> > protected network to being hacked by somebody hopping through the
> > desktop. Do you really want to do this?
> >
> >} I've done some preliminary searches for third-party clients, but don't want
> >} to waste time trying 50 clients that may not be any good. I've found some
> >} for Mac OS X that'll do what I want, but I haven't found one for Win
> >} 9x/ME/NT/2K/XP.
> >
> > Win 2K/XP come with IPSec built-in and don't really need a
> > client. Mac OS X may have it built-in as well.
> >
> >}-- End of excerpt from "Craig Columbus"

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42646&t=42604
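
The split-tunnelling question debated in this thread can be checked from the client's routing table. The following is an added example, not part of the original posts: it classifies a client as full-tunnel or split-tunnel by longest-prefix match and lists the routes that bypass the tunnel. The routing tables, interface names (`vpn0`, `eth0`) and addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample routing tables as (destination prefix, egress interface).
# "vpn0" and "eth0" are hypothetical interface names, not taken from the thread.
FULL_TUNNEL = [("0.0.0.0/0", "vpn0"), ("192.168.1.0/24", "eth0")]
SPLIT_TUNNEL = [("0.0.0.0/0", "eth0"), ("10.0.0.0/8", "vpn0"),
                ("192.168.1.0/24", "eth0")]


def egress_interface(routes, dest):
    """Return the interface chosen for dest by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def audit_client(routes, vpn_iface, protected_host,
                 internet_host="198.51.100.10"):
    """Classify the client's posture while the VPN is up.

    protected_host: an address inside the protected network.
    internet_host:  any public address (default is a documentation address).
    """
    to_protected = egress_interface(routes, protected_host)
    to_internet = egress_interface(routes, internet_host)
    # Every prefix that leaves through a non-VPN interface is a path into
    # the desktop that the protected network's controls never see.
    bypass = sorted(p for p, iface in routes if iface != vpn_iface)
    if to_protected != vpn_iface:
        mode = "tunnel-down"
    elif to_internet == vpn_iface:
        mode = "full-tunnel"
    else:
        mode = "split-tunnel"
    return {"mode": mode, "bypass": bypass}


if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, audit_client(table, "vpn0", "10.1.2.3"))
```

Even the full-tunnel table reports the on-link LAN prefix as a bypass route, which is the local-network exposure a personal firewall on the client is meant to cover.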