[vpn] VPN and firewall question

Igor Pronin Igor.Pronin at Elma.Net
Wed Oct 10 16:26:52 EDT 2001


----- Original Message -----
From: "Mark Priebatsch" <mark.priebatsch at activcard.com.au>

> Sorry could you explain further.  If the client is running a VPN
client to a
> VPN gateway and it has been set that it will only receive encrypted
traffic

Some kind of a firewall ? Is it also restricted by the sender IP address
i.e. only VPN Gateway allowed?

> on its network interface when connected to/from the VPN gateway, then
how
> can another Internet user get access to the PC while connected.
> (0.0.0.0/0.0.0.0 is handled by teh VPN Gateway.  I know that this has
some
> requirements on the IPSec driver.
>
> I am not covering off the scenarios of when not VPN connected, and/or
the
> IPSsec driver running in passive/unconnected mode, just for when the
PC is
> connected.

At least the network/VPN I am administering has VPN and ordinary,
uncrypted connections (all outgoing) at the same time the only
difference being the destination IP address - only communications to
company Intranet is VPN (IPSec). Incoming communications is restricted
by firewall. I can have some connections open through the VPN tunnel and
other connections uncrypted both going through the ISP used. In practice
all VPN connections are to my company and uncrypted connections
elsewhere.  So the computer is all the time "open" to the net (but
secured by the firewall).

VPN (IPsec) is not equal Firewall. They have different functions and can
be different boxes and/or programs but can be combined in the same box
and/or program. They take care of different sides of the security
problem. And BTW there still is the security problem which cannot be
covered by any box nor program: human negligence and/or error and
similar.

regards

Igor.Pronin at iki.fi



VPN is sponsored by SecurityFocus.com





More information about the VPN mailing list