
remote access vpn internet access

ronshuster
Level 1

We have a number of VPN users, so:

1) How do we grant them direct access to the Internet when they are connected through VPN? Will split tunneling do it? How is it configured? Is it safe?

2) Are there any security concerns?


andrew.prince
Level 10

Ron,

You have a few options:-

1) Tunnel all traffic and route internet traffic thru an internal proxy server

2) Tunnel all traffic and let the internet traffic leave directly from the PIX/ASA outside interface

3) Configure split tunneling and only encrypt your internal IP subnet traffic, let the users break out locally for their internet provider.

Options 1 and 2 do not allow local access to the user's own LAN - this can be fixed by tunneling all traffic, but allowing LAN access.

There are some security concerns, while the user is connected to the VPN, the machine could be used as a jump off point into your network if the user has access to the internet locally.

If you tunnel all traffic and break out from your PIX/ASA for the internet, if the user's machine is compromised - you could black list your internet IP from your company location.

It really depends on your network/security policy.

HTH
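
The options in the reply above, written out as Cisco ASA group policies; this is an added example, not configuration from the original posts. The policy and ACL names, the 10.10.0.0/16 internal range, the 192.168.50.0/24 VPN pool and the ASA 8.3+ NAT syntax are all assumptions. Only `RA_SPLIT` leaves the client with a direct internet path while the tunnel is up, which is the jump-off concern the reply describes.

```cisco
! Constructed example: names, pool and subnets are assumptions, ASA 8.3+ syntax.
! Internal networks: 10.10.0.0/16   VPN address pool: 192.168.50.0/24

! --- Option 3: split tunneling (only internal subnets are encrypted) ---
access-list SPLIT_INTERNAL standard permit 10.10.0.0 255.255.0.0
group-policy RA_SPLIT internal
group-policy RA_SPLIT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_INTERNAL

! --- Options 1 and 2: tunnel all traffic ---
! Option 1 uses this policy as-is; internet access then goes via the internal proxy.
group-policy RA_FULL internal
group-policy RA_FULL attributes
 split-tunnel-policy tunnelall

! Option 2 only: let VPN client traffic hairpin back out the outside interface
same-security-traffic permit intra-interface
object network VPN_POOL
 subnet 192.168.50.0 255.255.255.0
 nat (outside,outside) dynamic interface

! --- Tunnel all, but allow access to the user's own LAN ---
! Host 0.0.0.0 stands for whatever LAN the client is attached to.
access-list CLIENT_LOCAL_LAN standard permit host 0.0.0.0
group-policy RA_FULL_LOCAL_LAN internal
group-policy RA_FULL_LOCAL_LAN attributes
 split-tunnel-policy excludespecified
 split-tunnel-network-list value CLIENT_LOCAL_LAN
```

A policy takes effect once it is set as the `default-group-policy` under the tunnel group's general-attributes. For the local LAN variant the VPN client must also have its "Allow local LAN access" option enabled.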
