08-28-2008 05:12 AM - edited 02-21-2020 03:54 PM
What are the security risks for allowing local LAN access through a Cisco ASA 5500 for printing purposes?
08-28-2008 06:16 AM
For printing, none.
Is there a particular reason for encrypting ALL traffic over the remote VPN and allowing local LAN access?
You could just configure split tunneling and encrypt only the internal traffic to the subnets required?
HTH>
08-31-2008 09:44 PM
Andrew,
When you set up Split Tunneling and encrypt only the internal traffic, do you also include the WINS servers, DNS servers, and RADIUS servers in addition to your file sharing server, or do you only include the file sharing server? The users only need to access one file sharing server and nothing else.
Thanks.
Diane
08-31-2008 10:24 PM
Diane,
As a rule of thumb, I generally encrypt all data to the internal subnet - we have planned our use of IP addressing, as a result we use the 10/8.
As the majority of cable/ADSL modem vendors tend to use the 192.168/16 or 172.16/19 addressing from RFC1918 - it's simple.
For you I would add the subnets (if not on a single common subnet) for:
1) DNS - they will need this to browse the internet via their own internet connection.
2) WINS - if they have an old OS, if XP and above - not required.
3) File Sharing server IP address.
HTH>
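
The two policies discussed in this thread, written out as ASA group-policy configuration. This is an added example, not part of the original posts; the group-policy name, ACL names and all 10.x addresses are constructed placeholders.

```cisco
! Constructed values throughout: REMOTE_USERS, the ACL names and the
! 10.x host addresses are placeholders, not taken from the thread.
! A group policy carries ONE split-tunnel-policy; Options A and B are
! alternatives, not meant to be applied together.

group-policy REMOTE_USERS internal

! Option A: tunnel all traffic, but exempt the client's directly
! attached LAN so a local printer stays reachable.
! "host 0.0.0.0" stands for whatever LAN the client is connected to.
access-list LOCAL_LAN_ACCESS standard permit host 0.0.0.0
group-policy REMOTE_USERS attributes
 split-tunnel-policy excludespecified
 split-tunnel-network-list value LOCAL_LAN_ACCESS

! Option B: split tunneling. Only the listed internal hosts are
! encrypted; everything else leaves via the user's own connection.
access-list SPLIT_TUNNEL remark DNS server
access-list SPLIT_TUNNEL standard permit host 10.1.1.10
access-list SPLIT_TUNNEL remark WINS server (older clients only)
access-list SPLIT_TUNNEL standard permit host 10.1.1.11
access-list SPLIT_TUNNEL remark File sharing server
access-list SPLIT_TUNNEL standard permit host 10.1.2.20
group-policy REMOTE_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
 dns-server value 10.1.1.10
 wins-server value 10.1.1.11

! Check what the policy actually contains after the change:
! show running-config group-policy REMOTE_USERS
```

A standard ACL used as a split-tunnel list only selects which destinations are tunneled; restricting what the users can reach inside the tunnel is a separate control.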