joemz
asked on
Cisco VPN client sw. Do all packets go to corporation?
I run a cisco vpn client on company computer hooked into cable and router.
I had thought that only 'company traffic' goes thru the vpn software and into company servers, with the non company traffice (yahoo, pop3 mail, etc) going normally thru the public internet. Recently, someone told me that everything I do on the client ends up being routed to company machine. Do they see when I go to ebay during the day?
Is this right? Why would the company even want to bother with traffic that it doesn't want encrypted, or isn't even interested in?
I had thought that only 'company traffic' goes thru the vpn software and into company servers, with the non company traffice (yahoo, pop3 mail, etc) going normally thru the public internet. Recently, someone told me that everything I do on the client ends up being routed to company machine. Do they see when I go to ebay during the day?
Is this right? Why would the company even want to bother with traffic that it doesn't want encrypted, or isn't even interested in?
ASKER
Just a followup
When I'm in the corporate office, I dont need a vpn, but i can't browse to public web sites
here at home I can go anywhere even while the vpn is running
the secured routes look like this:
network subnet
yy.0.0.0 255.0.0.0 think this is company ip address
nnn.nnn.nnn.nnn 255.255.0.0 company vpn ip address
192.168.0.0 255.255.255.0 i assume its my local, home, network
xxx.xxx.xxx.xxx 255.255.255.0 an IP address i don't recognize, and timeouts when i ping it
so, what does this all ad up to?
When I'm in the corporate office, I dont need a vpn, but i can't browse to public web sites
here at home I can go anywhere even while the vpn is running
the secured routes look like this:
network subnet
yy.0.0.0 255.0.0.0 think this is company ip address
nnn.nnn.nnn.nnn 255.255.0.0 company vpn ip address
192.168.0.0 255.255.255.0 i assume its my local, home, network
xxx.xxx.xxx.xxx 255.255.255.0 an IP address i don't recognize, and timeouts when i ping it
so, what does this all ad up to?
Looks like only the traffic that goes to the company LAN goes through the VPN tunnel.
They don't see anything else you do while connected.
They don't see anything else you do while connected.
ASKER
Gotcha. In english, does the subnet stuff mean that any address starting with yy, and any address starting with nnn.nnn will be secured?
and anything going to xxx.xxx.xxx, which is someplace I don't even know
why is my local lan on a secure route?
and anything going to xxx.xxx.xxx, which is someplace I don't even know
why is my local lan on a secure route?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Great answer, great explanation. and Quick
Perfect.
Thanks
Perfect.
Thanks
1) allow them to connect and ONLY the traffic between the client and your company network gets encrypted and sent through the VPN. Don't care what they do on the Internet while connected.
2) While connectd to the company LAN by VPN, the remote client is treated just like any other PC on the network. The company has every right to monitor what you do on the internet while on their network. Some even block it alltogether. While you are on the VPN, you must be doing company business, and your internet access is blocked. You want to check out an auction on Ebay, drop the VPN first.
Are you allowed to shop ebay during the day if you are at work?
How can you tell with the client? While connected to the VPN, right-click the little yellow lock, Click Status | Statistics | Route Details
If you see 0.0.0.0 in Secured subnets, then everything you do goes through the company and they can tell what you did on the Internet.
If you only see your company LAN in the Secured subnets, then only the traffic to/from that subnet will be encrypted and sent through the VPN. Your normal browsing goes out your own internet connection and the company does not care what you do.