[55355] in North American Network Operators' Group
Re: Level3 routing issues?
daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Mon Jan 27 16:34:09 2003
Date: Mon, 27 Jan 2003 16:27:50 -0500 (EST)
From: alex@yuriev.com
To: Simon Lockhart <simonl@rd.bbc.co.uk>
Cc: Valdis.Kletnieks@vt.edu, nanog@merit.edu
In-Reply-To: <20030127212139.GS29526@rd.bbc.co.uk>
Errors-To: owner-nanog-outgoing@merit.edu
> But, we were talking about end-user connected into the inside network using
> a VPN. That user needs to have pretty much unfettered access to the
> business parts of your internal network. (Okay, mission critical stuff
> should be seperately firewalled, but MS makes that hard enough, due to
> things like Active Directory, where everything needs to talk to everything).
So what prevents the client from denying all traffic other than (a) traffic
on VPN interface (b) IP traffic on non-VPN interface with destination other
than the address that VPN client uses to build VPN?
Alex
