RE: Split Tunneling

  • From: "Eric Poole" <EPoole@xxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 8 Dec 2003 10:01:19 -0800

Internal hospital VPN clients want to connect to UCSF internal network and 
maintain their internet connection.  They are behind our firewall, but we don't 
have direct administrative control.  I guess I was concerned about the ability 
for someone on the UC network to use the IP we connect to as a default gateway 
and come back over the line.  The UC network seems to be a breeding ground for 
viruses, Trojans, and worms.

_______________________________________________
Eric Poole
IS Security Analyst
Community Medical Centers
1140 "T" Street, Fresno, California  93721
559-459-6784 (phone)  559-459-2045 (fax)


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Sunday, December 07, 2003 4:29 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Split Tunneling

Hi Eric,

Those doctors certainly can be a pain ;-)

I'm not clear why split tunnel would be a problem in this situation. Who are 
the VPN clients and where are they located? Are they located behind a firewall 
under your administrative control?

Thanks!
Tom 

-----Original Message-----
From: Eric Poole [mailto:EPoole@xxxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, December 04, 2003 12:31 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Split Tunneling

OK, I've been researching this quite a bit, but am having trouble convincing my 
superiors that this is a bad idea.  We have a university that wants to have an 
always-on VPN tunnel (access to their inside and to the internet at the same 
time) from us to them to allow doctors to access their internal web library.  
I've already set up ISA to talk to their Squid to allow authentication requests 
to pass, so I don't see the need and think it would be a huge hindrance to our 
corporation to allow this tunnel to exist.  I've run out of ammo and would 
appreciate anyone's thoughts and suggestions.  (Final note: they want this to 
occur via Cisco VPN concentrators on both ends.  So instead of a single 
workstation being able to connect, all 3000 PCs would have the ability.)

_______________________________________________
Eric Poole
IS Security Analyst
Community Medical Centers
1140 "T" Street, Fresno, California  93721
559-459-6784 (phone)  559-459-2045 (fax)

