Re: Unable To Print While Connected Via VPN

From: Danny Sanders (Danny.Sanders_at_NO-SPAMcpcmed.org)
Date: 02/02/05


Date: Wed, 2 Feb 2005 08:57:31 -0700


> Yes, this is something that you would have to configure on the PIX and
> would affect all users, not just him.

Could they set up a group just for him and turn on split tunneling for that
group?

I am in the process of trying to formalize our relationship with them. Maybe
if we meet certain criteria they will allow this (the number 2 guy at the
hospital is in the same boat). We would have to put measures in place to
minimize the risk associated with using split tunneling.

Which leads me to: what are the security risks associated with split
tunneling?

TIA

DDS
"Ryan Hanisco" <rhanisco@flagshipis.com> wrote in message
news:O%23Sb4jOCFHA.1936@TK2MSFTNGP14.phx.gbl...
> Yes, this is something that you would have to configure on the PIX and
> would affect all users, not just him. To do something specific to him
> you'd need a Cisco VPN Concentrator (big $$) to handle individual VPN
> policies.
>
> Besides, it's forbidden by the organization's policy.
>
> The better solution might be to consider moving the local printer so that
> it is in the same subnet as the workstation so that it never hits the
> gateway router to address it -- or to continue to use Citrix. In the end,
> it may just be cheaper to get him a cheap printer he can keep locally
> attached. (Just remember that the cheap printers are not generally
> supported by Citrix, even with the UPD/UPDII -- it's a Catch-22)
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
> news:ev7Pg8JCFHA.3940@TK2MSFTNGP09.phx.gbl...
>>> If he is using the Cisco VPN Client to initiate the connection the option I
>>> described probably doesn't even exist and it may be something to configure
>>> on the PIX,...I really don't know, I have never used nor ever seen a PIX.
>>
>>
>> Yes he is using the client.
>>
>> I kind of figured changing a setting on our end wouldn't do much. For now
>> he is using Citrix.
>>
>> Thanks
>> DDS
>> "Phillip Windell" <@.> wrote in message
>> news:%23nsYwqJCFHA.2568@TK2MSFTNGP10.phx.gbl...
>>> "Danny Sanders" <Danny.Sanders@NO-SPAMcpcmed.org> wrote in message
>>> news:ebFSgDJCFHA.2676@TK2MSFTNGP12.phx.gbl...
>>>> > In the Dialup TCP/IP Settings you can disable the "Use Gateway on
>>>> > Remote Network" to avoid this, but it is considered a security risk
>>>> > to do so.
>>>
>>>> I have a Dr. here that needs to VPN to another network from his laptop
>>>> through our firewall to his hospital's Pix.
>>>> Their "security" policy prohibits split tunneling on their Pix. When we
>>>> open the VPN, all he can access is basically the remote hospital network.
>>>>
>>>> Would disabling the above setting make any difference here? What are
>>>> the security risks associated with disabling this setting?
>>>
>>> What I was describing is, in fact, Split-Tunneling,..I just didn't call
>>> it that. As you said, their security policy prevents you from doing that.
>>> If he is using the Cisco VPN Client to initiate the connection the option I
>>> described probably doesn't even exist and it may be something to configure
>>> on the PIX,...I really don't know, I have never used nor ever seen a PIX.
>>>
>>> Unfortunately I don't work for (or as) a consultant so I don't get the
>>> variety of experience they do. I sit and stare at the same unchanging
>>> network all day and I do not get any experience with things that we do
>>> not own and use here. I have to hear everything "second-hand" so to speak.
>>>
>>> --
>>>
>>> Phillip Windell [MCP, MVP, CCNA]
>>> www.wandtv.com
>>>
>>>
>>
>>
>
>


