Re: RAS'd in : why traffic sent through VPN router ?
- From: "John A Grandy" <johnagrandy-at-yahoo-dot-com>
- Date: Sun, 9 Apr 2006 22:12:42 -0700
I see this as a trade-off issue with 3 angles:
1. performance: yes, minor inconvenience when hitting google, but that's the
fastest site on earth. Other sites can go from 1-2 sec when routed via local
inet gateway to 10+ secs when routed through remote VPN inet gateway. This
eventually adds up to a significant loss in productivity. I know of a
company where 50%+ employees have two boxes (typically one laptop, one
desktop). One box is RAS'd in to the client's VPN; the other is not and is
used for all web research.
2. security : if all client-originating inet traffic routes bidirectionally
through a better firewall, then yes security is improved. When connecting
home office to workplace VPN, I see security issues as a reasonable argument
for "Use default gateway on remote network". However, when connecting from
one highly secure workplace environment to the VPN of another highly secure
workplace environment, I don't see the benefit -- unless one environment is
proven to be significantly more secure than the other.
3. system failures : in the workplace case, where Outlook points to an
Exchange Server (ES) on the local network, Outlook can easily become
locked-up trying to locate its ES on the VPN. This can sometimes require
killing the Outlook process; and sometimes it even requires hard rebooting
the machine. This can kill a good 15 mins restarting all the apps, RAS'ing
in again, starting the apps on the VPN, etc.
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eoxwrEDXGHA.3760@xxxxxxxxxxxxxxxxxxxxxxx
> In news:OPRw7M5WGHA.5096@xxxxxxxxxxxxxxxxxxxx,
> John A Grandy <johnagrandy-at-yahoo-dot-com> typed:
>> Why is it when RAS'd into a VPN that much of your network traffic
>> gets routed through the inet router of the VPN ?
>
> In addition to Robert's reply (regarding 'use remote gateway'), you really
> don't want anyone connecting to the company network from their own
> (possibly insecure) networks via VPN, unless all non-VPN traffic is
> disabled at the time.
>
>> I'm not talking the case where you are Remote Desktop'd into a
>> machine that's part of the VPN's network.
>> I'm talking the case of having a VPN connection open, and the
>> following two types of requests:
>> 1. Making simple browser requests from your box to public websites:
>> google.com , whatever. If you look at the tracert and you see that
>> the VPN's network's router and then its inet provider is forwarding
>> the packets. This slows down speed of web access.
>
> Perhaps, but I think it's worth the minor inconvenience given the security
> issues opened up if you *don't* use remote gateway.
>
>> 2. When Outlook needs to contact its assigned Exchange Server it
>> tries to find it on the VPN's network ! Incredibly annoying. You
>> can see Outlook popping up message boxes above the systray saying
>> it's unable to find its Exchange Server.
>
> Well, where *is* the Exchange server, and how do you connect to it?
>
>> Can XP Pro SP2 be config'd so that it knows to first go to the local
>> network and the local router for requested urls, including local
>> network resources ?
>
> Yes; it's 'use remote gateway', but if the IT staff responsible for the
> remote network care about security, they won't allow that to work.
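
An added illustration, not part of either poster's message: a small model of how route selection (longest prefix first, then lowest metric) decides whether a public address leaves through the VPN's gateway or the local one, plus a check for whether split tunnelling is in effect. The addresses, interface names and metrics are constructed.

```python
import ipaddress

# Constructed routing tables: (destination network, gateway, interface, metric).
# With "Use default gateway on remote network" ticked, the VPN client adds a
# lower-metric default route through the tunnel (assumed layout, made-up values).
FULL_TUNNEL = [
    ("0.0.0.0/0",      "192.168.1.1", "lan", 20),  # original default route
    ("0.0.0.0/0",      "10.8.0.1",    "vpn", 1),   # default route via the VPN
    ("192.168.1.0/24", "on-link",     "lan", 10),  # local subnet
    ("10.8.0.0/16",    "on-link",     "vpn", 1),   # remote (VPN) network
]
# With the option cleared, only the remote network is reached via the tunnel.
SPLIT_TUNNEL = [
    ("0.0.0.0/0",      "192.168.1.1", "lan", 10),
    ("192.168.1.0/24", "on-link",     "lan", 10),
    ("10.8.0.0/16",    "on-link",     "vpn", 1),
]


def pick_route(table, dest):
    """Return (gateway, interface) for dest: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = []
    for net, gateway, iface, metric in table:
        network = ipaddress.ip_network(net)
        if addr in network:
            # Negative prefix length so that min() prefers the most specific route.
            candidates.append((-network.prefixlen, metric, gateway, iface))
    if not candidates:
        return None
    _, _, gateway, iface = min(candidates)
    return gateway, iface


def is_split_tunnel(table, vpn_iface="vpn", probe="203.0.113.10"):
    """True if the VPN is up but a public probe address bypasses the tunnel."""
    vpn_up = any(iface == vpn_iface for _, _, iface, _ in table)
    route = pick_route(table, probe)
    return vpn_up and route is not None and route[1] != vpn_iface


if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(name, pick_route(table, "203.0.113.10"), is_split_tunnel(table))
```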