Solved

Cisco VPN client sw.  Do all packets go to corporation?

Posted on 2004-10-21
Last Modified: 2010-04-12
I run a Cisco VPN client on a company computer hooked into cable and router.

I had thought that only 'company traffic' goes thru the VPN software and into company servers, with the non-company traffic (yahoo, pop3 mail, etc.) going normally thru the public internet. Recently, someone told me that everything I do on the client ends up being routed to the company machine. Do they see when I go to ebay during the day?

Is this right?  Why would the company even want to bother with traffic that it doesn't want encrypted, or isn't even interested in?

0
Question by:joemz
    6 Comments
     
    LVL 79

    Expert Comment

    by:lrmoore
    Two ways to think about remote VPN users -
    1) allow them to connect and ONLY the traffic between the client and your company network gets encrypted and sent through the VPN. Don't care what they do on the Internet while connected.
    2) While connected to the company LAN by VPN, the remote client is treated just like any other PC on the network. The company has every right to monitor what you do on the internet while on their network. Some even block it altogether. While you are on the VPN, you must be doing company business, and your internet access is blocked. You want to check out an auction on Ebay, drop the VPN first.

    Are you allowed to shop ebay during the day if you are at work?

    How can you tell with the client? While connected to the VPN, right-click the little yellow lock, Click Status | Statistics | Route Details
    If you see 0.0.0.0 in Secured subnets, then everything you do goes through the company and they can tell what you did on the Internet.
    If you only see your company LAN in the Secured subnets, then only the traffic to/from that subnet will be encrypted and sent through the VPN. Your normal browsing goes out your own internet connection and the company does not care what you do.
    0
     

    Author Comment

    by:joemz
    Just a followup

    When I'm in the corporate office, I don't need a VPN, but I can't browse to public web sites.

    Here at home I can go anywhere even while the VPN is running.

    The secured routes look like this:

    network            subnet
    yy.0.0.0           255.0.0.0        think this is company IP address
    nnn.nnn.nnn.nnn    255.255.0.0      company VPN IP address
    192.168.0.0        255.255.255.0    I assume it's my local, home, network
    xxx.xxx.xxx.xxx    255.255.255.0    an IP address I don't recognize, and timeouts when I ping it

    So, what does this all add up to?
    0
     
    LVL 79

    Expert Comment

    by:lrmoore
    Looks like only the traffic that goes to the company LAN goes through the VPN tunnel.
    They don't see anything else you do while connected.
    0
     

    Author Comment

    by:joemz
    Gotcha. In English, does the subnet stuff mean that any address starting with yy, and any address starting with nnn.nnn will be secured?

    And anything going to xxx.xxx.xxx, which is someplace I don't even know?

    Why is my local LAN on a secure route?

    0
     
    LVL 79

    Accepted Solution

    by:
    Yes. All traffic between your PC (that's why your subnet is listed) and these subnets will be secured in the VPN tunnel
    yy.0.0.0
    nn.nn.0.0
    xxx.xxx.xx.0
    0
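The check described in the answers above (a 0.0.0.0 entry under Secured subnets means everything is tunneled; otherwise only the listed subnets are), as an added Python example that is not part of the thread or of the Cisco client. The route rows are constructed stand-ins for the masked addresses in the question, and the "network mask note" text layout is an assumption modeled on the table the asker pasted.

```python
import ipaddress

# Constructed sample rows (RFC 1918 / documentation ranges stand in for the
# masked yy/nnn/xxx addresses); a real list is read off Route Details.
SPLIT_ROUTES = """\
network        subnet
10.0.0.0       255.0.0.0       company range
172.16.0.0     255.255.0.0     company VPN range
192.168.0.0    255.255.255.0   home LAN
198.51.100.0   255.255.255.0   unrecognized
"""
FULL_ROUTES = "0.0.0.0  0.0.0.0\n"  # constructed: what a full tunnel would show


def parse_secured_routes(text):
    """Turn 'network mask [note]' rows into ip_network objects."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            routes.append(ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False))
        except ValueError:
            continue  # header line or malformed row
    return routes


def is_full_tunnel(routes):
    """A 0.0.0.0/0 secured route covers every destination."""
    return any(r.prefixlen == 0 for r in routes)


def secured_by(dest, routes):
    """Most specific secured route covering dest, or None if it goes direct."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r]
    return max(matches, key=lambda r: r.prefixlen, default=None)


if __name__ == "__main__":
    for label, text in (("split", SPLIT_ROUTES), ("full", FULL_ROUTES)):
        routes = parse_secured_routes(text)
        print(label, "- full tunnel:", is_full_tunnel(routes))
        for dest in ("10.20.30.40", "203.0.113.80"):
            print("   ", dest, "->", secured_by(dest, routes) or "direct, not tunneled")
```
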
     

    Author Comment

    by:joemz
    Great answer, great explanation, and quick.

    Perfect.

    Thanks
    0
