VPN Clients invisible ?

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi

i have a simple Question but no possibilities to test it.
Customer A wants to connect to the network of Customer B by VPN connection.
The network of customer B contains many client workstations that should not
be able to see that customer A is connected by VPN.

So my question ... if customer A is connected, are the clients in Network B
able to see this in Network Ressources / Network environment ?

Lorac

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Lorac,

It all depends on how you setup your VPN and e.g. where you VPN server will
be located.

E.g. I usually configure VPN to e.g. Check Point firewall where user is
authenticated with e.g. certificate. After this, I can create rules where
user can go from here... (e.g. can it see client computers or can it see
just one particular PC; or can it access just resources in DMZ)... (Note if
I would allow remote desktop to specific computer in LAN after user
successfully establishes VPN this user can have unlimited access to the LAN
from this computer where he/she connected with terminal service...).
I can also filter users based on their source IP and allow them VPN to the
company only from client's office (client's IP address)...

If you don't have an option to use e.g. your firewall as VPN server you can
setup VPN server in e.g. DMZ and again use your firewall as filter what
clients that use VPN will see on LAN. E.g. if client needs an access to
internal website you can only open TCP port 80 or 443 if you use SSL and
prevent all other access (e.g. access to shares...)...

Mike

"Lorac" <Lorac@discussions.microsoft.com> wrote in message
news3EE6C6C-B731-459A-98C4-68329E7F1396@microsoft.com...
> Hi
>
> i have a simple Question but no possibilities to test it.
> Customer A wants to connect to the network of Customer B by VPN
connection.
> The network of customer B contains many client workstations that should
not
> be able to see that customer A is connected by VPN.
>
> So my question ... if customer A is connected, are the clients in Network
B
> able to see this in Network Ressources / Network environment ?
>
> Lorac

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

They may be able to "see" the other computer, particularly if it has netbios
over tcp/ip enabled on it and wins is used in the network to facilitate
browsing via netbios over tcp/ip, however you can control what traffic the
client receives and sends to the network. In Windows 2000 rras for instance,
Remote Access Policies can be configured with input and output filters by
editing the profile/ip of the Remote Access Policy to allow access to and
from only certain IP address, ports, and protocols. If you are connecting
via an ipsec VPN endpoint device, they can be configured in the same way to
manage traffic through the tunnel.--- Steve

http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag_rap_elements.htm
-- Remote Access Policy

"Lorac" <Lorac@discussions.microsoft.com> wrote in message
news3EE6C6C-B731-459A-98C4-68329E7F1396@microsoft.com...
> Hi
>
> i have a simple Question but no possibilities to test it.
> Customer A wants to connect to the network of Customer B by VPN
> connection.
> The network of customer B contains many client workstations that should
> not
> be able to see that customer A is connected by VPN.
>
> So my question ... if customer A is connected, are the clients in Network
> B
> able to see this in Network Ressources / Network environment ?
>
> Lorac