Remote VPN access from inside net.

Unanswered Question
Jul 21st, 2010

Hi Guys and Gals,

Is there any reason why RA VPN should or shouldn't be allowed from inside the network? I have someone that mentioned that they were unable to VPN in (to our ASA) from inside the network. Basically, I had a user that connected his personal PC to the network and pulled an IP address and then attempted to VPN in to gain access to his personal folders. Thanks in advance.

Jennifer Halim Wed, 07/21/2010 - 12:23

Firstly, VPN is normally just enabled on the outside interface, instead of all the interfaces of the firewall/ASA.

Secondly, if he is connecting from the internal network, then he can't cross connect to the ASA outside interface where VPN is normally connected. ASA needs to be configured to allow/enable VPN on the inside interface, and then he needs to connect to the inside interface of the ASA.

However, I don't quite understand what the VPN will achieve in this case if he is connecting from the internal network anyway. VPN is to provide secure access through the Internet. If he is already in the internal corporate network, even though he is using his personal computer, there won't be any added security because traffic just flows within your internal network, not flowing off the Internet which is the sole purpose of VPN (encrypts traffic when it's on the Internet).

Hope that answers your question.
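An added example, not part of the original thread: a small audit script that reads an ASA running-config and reports which named interfaces have VPN termination enabled, which is the setting the reply above says is normally present only on the outside interface. The sample config and the function names are constructed for illustration; the matched commands (`crypto map ... interface`, `crypto isakmp|ikev1|ikev2 enable`, and `enable` under `webvpn`) are standard ASA syntax.

```python
import re

# Constructed sample running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
!
interface GigabitEthernet0/1
 nameif inside
!
crypto map outside_map interface outside
crypto isakmp enable outside
webvpn
 enable outside
!
"""

# Global commands that turn on VPN termination for a named interface.
GLOBAL_PATTERNS = [
    ("ipsec-crypto-map", re.compile(r"^crypto map \S+ interface (\S+)")),
    ("ike", re.compile(r"^crypto (?:isakmp|ikev1|ikev2) enable (\S+)")),
]
WEBVPN_ENABLE = re.compile(r"^ enable (\S+)")


def vpn_enabled_interfaces(config_text):
    """Return {nameif: set of VPN features terminating on that interface}."""
    found = {}
    in_webvpn = False
    for line in config_text.splitlines():
        if not line.startswith(" "):
            # Any unindented line opens a new top-level section.
            in_webvpn = line.strip() == "webvpn"
            for feature, pattern in GLOBAL_PATTERNS:
                m = pattern.match(line)
                if m:
                    found.setdefault(m.group(1), set()).add(feature)
        elif in_webvpn:
            m = WEBVPN_ENABLE.match(line)
            if m:
                found.setdefault(m.group(1), set()).add("webvpn")
    return found


def interfaces_without_vpn(config_text):
    """List nameif values that have no VPN termination enabled."""
    names = re.findall(r"^ nameif (\S+)", config_text, re.MULTILINE)
    enabled = vpn_enabled_interfaces(config_text)
    return [n for n in names if n not in enabled]
```

For the sample config this reports VPN on `outside` only, so a client on the inside network has no interface on the ASA that will accept its VPN connection.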

