Cisco Support Community

Security Risks for Allowing Local LAN Access for VPN Clients

What are the security risks for allowing local LAN access through a Cisco ASA 5500 for printing purposes?

3 REPLIES

Re: Security Risks for Allowing Local LAN Access for VPN Clients

For printing none.

Is there a particular reason for encrypting ALL traffic over the remote VPN, and allow local LAN access?

You could just configure split tunneling and encrypt only the internal traffic to the subnets required?

HTH

Re: Security Risks for Allowing Local LAN Access for VPN Clients

Andrew,

When you set up Split Tunneling and encrypt only the internal traffic, do you also include the WINS servers, DNS servers, and RADIUS servers in addition to your file sharing server or do you only include the file sharing server? The users only need to access one file sharing server and nothing else.

Thanks.

Diane

Re: Security Risks for Allowing Local LAN Access for VPN Clients

Diane,

As a rule of thumb, I generally encrypt all data to the internal subnet - we have planned our use of IP addressing, as a result we use the 10/8.

As the majority of cable/adsl modem vendors tend to use the 192.168/16 or 172.16/19 addressing from RFC1918 - it's simple.

For you I would add the subnets (if not on a single common subnet) for:-

1) DNS - they will need this to browse the internet via their own internet connection.

2) WINS - if they have an old OS, if XP and above - not required.

3) File Sharing server IP address.

HTH
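The planning rule discussed in this thread (tunnel only the internal subnets the users need, and keep them clear of the private ranges home routers typically hand out) can be checked before a split-tunnel list is deployed. The following is an added example, not part of the original thread and not Cisco code; the function name, the sample addresses and the choice of home-LAN blocks are assumptions made for illustration.

```python
import ipaddress

# Assumption for this example: RFC 1918 blocks most often used by home routers.
HOME_LAN_BLOCKS = [ipaddress.ip_network("192.168.0.0/16"),
                   ipaddress.ip_network("172.16.0.0/12")]

def audit_split_tunnel(tunnel_list, required_hosts, client_lan=None):
    """Audit a planned split-tunnel network list.

    tunnel_list    -- CIDR strings that will be encrypted through the VPN
    required_hosts -- {name: ip} of servers VPN users must reach
    client_lan     -- optional CIDR of one user's home network
    Returns a list of (finding, subject, detail) tuples; empty means clean.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in tunnel_list]
    lan = ipaddress.ip_network(client_lan, strict=False) if client_lan else None
    findings = []
    for net in nets:
        # A tunnelled subnet inside a typical home range will collide with
        # some users' local LAN (printer, gateway) sooner or later.
        for block in HOME_LAN_BLOCKS:
            if net.overlaps(block):
                findings.append(("home-range-overlap", str(net), str(block)))
        # Definite conflict for this particular user's network.
        if lan is not None and net.overlaps(lan):
            findings.append(("client-lan-conflict", str(net), str(lan)))
    # Every server the users need must fall inside a tunnelled subnet,
    # otherwise its traffic leaves unencrypted via the local connection.
    for name, ip in required_hosts.items():
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in nets):
            findings.append(("not-tunnelled", name, ip))
    return findings

# Constructed sample data (not from the thread).
REQUIRED = {"dns": "10.1.1.53", "fileserver": "10.1.2.20"}
PLAN_GOOD = ["10.0.0.0/8"]
PLAN_BAD = ["192.168.1.0/24", "10.1.2.20/32"]

if __name__ == "__main__":
    for plan in (PLAN_GOOD, PLAN_BAD):
        print(plan, audit_split_tunnel(plan, REQUIRED, "192.168.1.0/24"))
```
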
