27 Jan
2003
27 Jan
'03
10:27 p.m.
But, we were talking about end-user connected into the inside network using a VPN. That user needs to have pretty much unfettered access to the business parts of your internal network. (Okay, mission critical stuff should be seperately firewalled, but MS makes that hard enough, due to things like Active Directory, where everything needs to talk to everything).
So what prevents the client from denying all traffic other than (a) traffic on VPN interface (b) IP traffic on non-VPN interface with destination other than the address that VPN client uses to build VPN? Alex