Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
337
Views
0
Helpful
4
Replies

Client VPN question

rod.blackie
Level 1
Level 1

‎04-23-2008 01:23 AM - edited ‎02-21-2020 03:41 PM

Quick question guys - How can I assure security when using a client VPN connection from within my network to an external company's network. I understand that creating a site to site connection would be best - however If I were to use a client VPN connection then how can I stop users on the remote company's subnet browsing my network via the virtual VPN connection?

Hope that makes sense?....

Thanks

Rod

Labels:
0 Helpful
4 Replies 4

michael.leblanc
Level 4
Level 4

‎04-24-2008 04:28 PM

If you are connecting to a third party network (through a VPN or otherwise), you should take steps to protect your host from compromise with a personal firewall.

If your host is protected from compromise, and your host is not providing routing functionality, users on the remote site should have no access to your network.

The tunnel exposes your host, not your network (given the stipulations above).

0 Helpful

rod.blackie
Level 1
Level 1
In response to michael.leblanc

‎04-24-2008 10:55 PM

Hi Michael - thanks for your reply, however my question really is when the client VPN establishes a connection to a remote site there are two active connections opened on that PC - the local connection and a virtual connection, this sort of bridges the two networks together. What I would like to know is how could the security of our network be compromised as the virtual VPN connection to the remote subnet would allow all packets back to the originating host due to the VPN - what's to stop a hacker at the remote end dropping a script onto the VPN PC from the remote site that would allow malicious traffic to jump the virtual connection to physical subnet - does this make sense?

Regards

Rod

0 Helpful

michael.leblanc
Level 4
Level 4
In response to rod.blackie

‎04-25-2008 06:18 AM

If you look at the Transport tab of the Connection Properties, you will see a checkbox for a feature called "Allow Local LAN Access". The help file suggests leaving this "unchecked" provides the protection you are seeking.

The Options menu also provides access to a Stateful Firewall.

When you say "sort of bridges the two networks together", are you suggesting that packets are freely forwarded from one interface to the other? If so, I don't agree. I don't think the host will do this without a routing function installed, or being compromised.

Still comes back to protecting the host for me.

0 Helpful

dboucher
Level 1
Level 1
In response to michael.leblanc

‎05-01-2008 03:22 AM

Absolutely...

Protect the host and nothing will route

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents