If your company is in an environment that requires a VERY high level of security implementation (perhaps Heath Care or Financial Services come to mind) then maybe you would be concerned about the risk involved in Allow Local LAN Access. there is a very small risk that a hacker could compromise some other device on the Local LAN and from that machine might compromise the PC with the VPN client while it was on line. Allowing Loal LAN Access presents a very small increase in risk that the PC could be compromised while on line. it is true that the PC could already be compromised/infected and would pose a threat. while having a fully updated antivirus software does reduce the possibility of the PC being compromised it does not entirely eliminate that possibility. I believe that the level of concern may not be zero, but it is a pretty small concern. Yes this is different from true split tunneling. I will suggest these points in response to the specific questions that you ask: But depending on the situation in your organization it may very well be a good thing to allow Local LAN Access. I believe that this is an appropriate default behavior since it puts the VPN client into the most secure position. I would not necessarily agree with that assumption.Ĭlearly the default behavior is to not allow Local LAN Access. These dial-up clients need to use local resources (like printers) from their own LAN at th. This router is used to get remote access to internal network, the dial-up client establishes a tunneling with cisco 2612 router through VPN Client. Most of your question seems to derive from the assumption that Allow Local LAN Access is not a good thing. I have a cisco 2612 router with an 16 modem module installed. Looking to understand why this is not a good idea. Is there a concern that a hacker might be able to hack this computer internally and use the local lan access to that advantage?.If the PC was infected how would it act as a relay? Wouldn't it pose a threat regardless if allow local LAN access was enabled or not? After all we would still be able to tunnel through.Each PC at this remote office is managed and contains a fully updated Antivirus software package.Wouldn't this prevent any concern's originating from the PC itself? Wouldn't this eliminate the fear that this PC might act as a relay for any nasties?.Being that this is the case is there really a need for concern? This solution appears to differ from a true split tunneling scenario and unencrypted traffic is sent and received only from the internal LAN.Having seen this feature enabled and working at much larger organizations I have some questions: This brought me to the following document on the Cisco site: I started researching why our users at a remote office (not connected via site-to-site link) were unable to print to their network printer even though the tick box for allow local LAN access on the Cisco VPN Client was checked off.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |