
Is allowing an IPSEC tunnel from my LAN secure?

Mar 20th, 2006

Hi,

I am wondering whether it is secure or insecure (and why it would be either) to allow one of my users to connect from their PC on the LAN here to an external/third party using a VPN client.


Should I be worried that the other party might take over my user's PC and/or possibly be able to access resources on our network?


Kind regards,


Kevin

Overall Rating: 4 (1 ratings)
Richard Burts Mon, 03/20/2006 - 07:36

Kevin


Any time that you allow connectivity from a resource inside your network to resources outside your network there is some degree of insecurity introduced. Making that connection over an IPSec VPN reduces the degree of insecurity but does not eliminate it.


We can identify a good side and a bad side of allowing the connectivity over an IPSec VPN. The good side: the VPN will encrypt the traffic (which is probably passing over an insecure medium), will authenticate the other end of the connection, assuring that the data is coming from a trusted source. It will protect against packets that were changed in transit, and against attempts to replay the traffic and other types of man-in-the-middle attacks.

The bad side: if you have a firewall protecting your network traffic, the firewall will only see encrypted traffic which it must trust without knowing what the content is. You are opening some exposure by allowing traffic from the outside to the VPN client and it might be possible, if the other end of the connection were compromised, that it could transmit problems onto your network. So if you trust the other end of the connection you should be fine, but if you do not trust the other end of the connection then there could be problems.


In general I would say that connecting over VPN is safer than connecting over clear text. But there is a certain degree of risk in allowing connections over VPN.


HTH


Rick
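
The reply above notes that the firewall sees only encrypted traffic. What it can still see is which LAN host is tunnelling to which outside peer, shown here as an added example that is not part of the original thread: a small inventory of outbound IPsec flows checked against an approved-peer list. The LAN range, the approved gateway address and the flow records are constructed assumptions.

```python
import ipaddress

# Constructed sample flow records: "src dst ip_protocol dst_port".
SAMPLE_FLOWS = """\
10.1.1.25 203.0.113.10 17 500
10.1.1.25 203.0.113.10 50 0
10.1.1.25 198.51.100.7 6 443
10.1.1.40 192.0.2.99 17 4500
10.1.1.40 192.0.2.99 17 53
203.0.113.10 10.1.1.25 50 0
"""

LAN = ipaddress.ip_network("10.1.1.0/24")  # assumed internal range
APPROVED_PEERS = {ipaddress.ip_address("203.0.113.10")}  # assumed trusted gateway


def classify(proto, dport):
    """Name the IPsec component a flow belongs to, or return None."""
    if proto in (50, 51):  # IP protocols 50 (ESP) and 51 (AH)
        return "ESP" if proto == 50 else "AH"
    if proto == 17 and dport in (500, 4500):  # UDP: IKE and NAT traversal
        return "IKE" if dport == 500 else "NAT-T"
    return None


def ipsec_tunnels(flow_text, lan=LAN, approved=APPROVED_PEERS):
    """Map (lan_host, peer) -> IPsec components seen and whether peer is approved."""
    tunnels = {}
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed records
        src = ipaddress.ip_address(fields[0])
        dst = ipaddress.ip_address(fields[1])
        kind = classify(int(fields[2]), int(fields[3]))
        # Keep only IPsec flows sourced from the LAN towards an outside peer.
        if kind is None or src not in lan or dst in lan:
            continue
        entry = tunnels.setdefault(
            (str(src), str(dst)), {"kinds": set(), "approved": dst in approved})
        entry["kinds"].add(kind)
    return tunnels


if __name__ == "__main__":
    for (host, peer), info in sorted(ipsec_tunnels(SAMPLE_FLOWS).items()):
        status = "approved" if info["approved"] else "UNAPPROVED"
        print(host, "->", peer, sorted(info["kinds"]), status)
```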
