Question On Internet Access While Logged In As VPN Client..

  • Thread starter Thread starter JIMB
  • Start date Start date
J

JIMB

Question On Internet Access While Logged In As VPN
Client..

We have MSESKSB SERVER w\Firewall now & my question is,
can our VPN (outside!)(WAN,) client's while logged in to
the Server & going through our new Firewall, be able to
access the internet through another port perhaps on the
Firewall or from their own systems without jeopardizing &
opening up the virtual & private connection to the outside
internet world?

I know there is a switch which we can set on the VPN
advance TCP/IP properties to allow this, However, I also
know that if done this way, this "opens" & defeats the
reason for the Virtual & Private Connection.

Can this be done safely? through the firewall or by
another means? If so, how?

As Always, I am very much appreciative of any response
you might offer.
Thank You..
 
I Apologise;

I Fudged Up on the spelling THE MSESKSB term stands for
Micorsoft Exchange Small Business 2000 Server...

In any event, I will review your link... Jim B
 
I have read the link, found it very informative and then
processed the very last portion of it, in regards to SPlit
Tunneling" & RAS Policies & Routing Behavior.

This was on the link -->
"One last way to dealing with the problem of VPN clients
routing traffic from non-authenticated machines across the
VPN connection is to take advantage of Remote Access
Policies. You can configure your VPN Remote Access Policy
Profiles to use packet filters to limit communicates only
to the VPN client. This effectively prevents the VPN
client from acting as a router between the Internet and
the internal network.
<---------

In any event, This seems to be exactly what I am looking
fo. I had followed the intsructions for configuring the
Routing & Remote Access settings on the Server and then I
logged in to the Server with a VPN conection. I than
tried to acces the internet and was not able to

I may have miss something! Do any settings have to be
changed on the client's VPN's settings above & beyond than
what they were set to orgianlly for normal VPN connection
to make this work?

Thank You Again.. Jim B



On The Server To
 
JIMB,

If you want your clients to browse while connected via VPN, AND if your
using ISA as your firewall /proxy ,you can configure them to browse using
SBS as the remote gateway.

1. Open Internet Explorer.
2.Click on Tools
3. Click on Internet options
4. Click on the connections tab
5. Click on the VPN connection listed in the box labeled Dial-up and VPN
Settings
6. Click settings
7. Check the box for use proxy server and enter ISA's name or IP address and
port number

This will allow them to *browse* other websites only and use ISA as their
gateway thus all policies defined on ISA would apply to them including any
HTTP virus filtering or rules you have configured.
 
I don't know the answer--I haven't attempted this myself (and I should
have--I run SBS-2000 at a number of sites, myself!)

I'd agree with Bill Swan's advice about where to get better answers.
 
Thanks Guys, For all your helped.
It seems between all of you, I was able to configure
the server for the vpn clients to access the internet.. I
belive it is safe based upon your knowlege, experience &
suggestions. However, I am still a little nervous! With
all do respect, is there a way to test the connection in
real time?

My Best To All For Your Help... Jim B
..
 
Thanks Guys, For all your helped.

It seems between all of you, ( & "NOBODY"!) I was able
to configure the server for the vpn clients to access the
internet.. I belive it is safe based upon your knowlege,
experience & suggestions. However, I am still a little
nervous! With all do respect, is there a way to test the
connection in real time?

My Best To All For Your Help... Jim B
 
Figure out a test that'll show you that server policies are effective on
these connections?

Maybe something as simple as shutting down Internet access at a given hour
of the night?
 
Back
Top