Re: help with vpn scenario [7:74366]
Thank you both for the suggestions and info! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74417&t=74366 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: help with vpn scenario [7:74366]
Hi Chandler, To secure the laptop of company a while connected via VPN form company B my suggestion is to run the Client Firewall feature the concentrator has, (this is why I love this device so much). While you are connected via VPN, the concentrator will inject a set of rules, (a firewall configuration), that will run on the PC while connected. In other words: COMPANY A CVPN 300XLAPTOPCOMPANY B (DOMAIN) + + PC1 LAPTOP is connected to company B directly right? Ok, PC1 should be able to "ping" LAPTOP due they belong to the same network. If LAPTOP is connected to CVPN300X, the concentrator will inject a firewall set of rules, (like a PIX), that will avoid PC1 to ping LATOP, in other words the VPN client installed is protecting and is acting as a firewall for its own. This means that while LAPTOP is connected, no one from company B will be able to ping it, if LAPTOP is disconnected from the CVPN300X, no PC1 will be able to ping it, due the firewall was removed with the tunnel as well. For more details on this please check the link below: Client FW Parameters Tab (version 4.X) http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_0/config/userm gt.htm#1759740 My two cents, Frank Costa Rica - Original Message - From: "Chandler Mike" To: Sent: Monday, August 25, 2003 6:06 PM Subject: help with vpn scenario [7:74366] > Please help with the following scenario: A laptop user works for Company A > and possesses a Company A laptop that belongs to their domain. The user has > needs to frequently access confidential records that belong to Company A, > while on another company's network. > > The user also works onsite (with Company A's laptop) of another company, > Company B. This company has its own network, unrelated and not tied into > Company A's network in any way. How does the user access a vpn concentrator > located at Company A while working onsite at Company B without logging on to > their domain? The laptop has the cisco vpn client installed on it and the > user uses it from home fine. But how does one setup a secure method of > having the user vpn into Company A while on another company's network > without compromising the data on the laptop? > > This is a real scenario, sorry if I am overlooking some obvious things, but > I would appreciate any input on making this work. Thanks > > Mike C > **Please support GroupStudy by purchasing from the GroupStudy Store: > http://shop.groupstudy.com > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74382&t=74366 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
RE: help with vpn scenario [7:74366]
It depends on Company B's firewall, and how it is setup to allow IPsec traffic (or not). Theoretically, there is no difference between connecting to Company A via an ISP connection and connecting to Company A through Company B, except that Company B's firewall may not allow or be capable of allowing IPsec connections. Fred Reimer - CCNA Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338 Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050 NOTICE; This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer. -Original Message- From: Chandler Mike [mailto:[EMAIL PROTECTED] Sent: Monday, August 25, 2003 8:06 PM To: [EMAIL PROTECTED] Subject: help with vpn scenario [7:74366] Please help with the following scenario: A laptop user works for Company A and possesses a Company A laptop that belongs to their domain. The user has needs to frequently access confidential records that belong to Company A, while on another company's network. The user also works onsite (with Company A's laptop) of another company, Company B. This company has its own network, unrelated and not tied into Company A's network in any way. How does the user access a vpn concentrator located at Company A while working onsite at Company B without logging on to their domain? The laptop has the cisco vpn client installed on it and the user uses it from home fine. But how does one setup a secure method of having the user vpn into Company A while on another company's network without compromising the data on the laptop? This is a real scenario, sorry if I am overlooking some obvious things, but I would appreciate any input on making this work. Thanks Mike C **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74372&t=74366 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
help with vpn scenario [7:74366]
Please help with the following scenario: A laptop user works for Company A and possesses a Company A laptop that belongs to their domain. The user has needs to frequently access confidential records that belong to Company A, while on another company's network. The user also works onsite (with Company A's laptop) of another company, Company B. This company has its own network, unrelated and not tied into Company A's network in any way. How does the user access a vpn concentrator located at Company A while working onsite at Company B without logging on to their domain? The laptop has the cisco vpn client installed on it and the user uses it from home fine. But how does one setup a secure method of having the user vpn into Company A while on another company's network without compromising the data on the laptop? This is a real scenario, sorry if I am overlooking some obvious things, but I would appreciate any input on making this work. Thanks Mike C Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74366&t=74366 -- **Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html