Solved

Force VPN Connection Before Accessing Any Network

Posted on 2006-11-17
Last Modified: 2012-06-21

Hi Experts:

I'd like to force my travelling users to start the VPN before they log into a wireless (or wired) network.

So if one of my users travels to a hotel with a wide-open wireless network, I want them to have to log in to the VPN before they can surf the Internet.

I've fiddled with bridging the two without success, so I wonder if there is any freeware or Windows settings that can require a VPN connection before a LAN is connected.

Any help would be appreciated.
Question by:ericbruntjen
5 Comments
 
LVL 4

Expert Comment

by:Smacky311
ID: 17966359
You will need a domain, and you can disable cached account login through the domain. Then users will be required to contact the domain controller prior to logging into their laptop. Cisco VPN software allows "Start before login", and this allows them to log in to the VPN at the Ctrl+Alt+Del screen for Windows login.

This will achieve the desired effect.
LVL 1

Author Comment

by:ericbruntjen
ID: 17966533

Thanks for the quick reply. The VPN isn't my own network so they can't authenticate into my domain from there. It's a good idea but I'm still hoping for something else.

I'm thinking of blocking IE and Outlook from the wireless adapter but not the VPN; that way they'd at least have incentive to log in to the VPN, otherwise what would the point of connecting be? That might work in practice but in principle it's pretty ugly.

E.
LVL 4

Accepted Solution

by:
Smacky311 earned 75 total points
ID: 17966707
What if you installed personal firewalls on the machines that blocked all ports outside of the necessary ports for VPN? This way I believe you should still be able to access the Internet through the VPN, but all other adapters will be blocked.
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 50 total points
ID: 17972860
>>"force my traveling users to start the VPN before they log into a wireless (or wired) network"
Sounds a little impossible, in that they need an Internet connection to connect to the VPN. However, if you statically assigned the DNS server, in their TCP/IP properties, to be only your internal DNS server, they would not be able to browse the Internet or access any resource by DNS name, except through the VPN tunnel. To make doubly sure, force all traffic through the VPN tunnel by disabling split tunneling (it usually is by default). On the Windows client, this is done on the VPN client by enabling "use default gateway on remote network".
Just a thought.
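
As an added example (not posted by anyone in this thread): the accepted firewall suggestion combined with the full-tunnel setting from the assisted solution, using the built-in Windows firewall and VPN client cmdlets. The connection name, gateway address and IKEv2/IPsec ports are assumptions; substitute the values your VPN product actually uses.

```powershell
#Requires -RunAsAdministrator
# Added example: VPN-only egress policy plus a full-tunnel VPN profile.
# Every value below is an assumption or placeholder, not taken from the thread.
$VpnName    = 'Corp VPN'         # hypothetical built-in Windows VPN connection name
$VpnGateway = '203.0.113.10'     # placeholder gateway address (documentation range)
$Group      = 'VPN-only egress'  # tag used to find and remove these rules later
$Record     = "$env:ProgramData\vpn-only-disabled-rules.txt"  # hypothetical undo log

# Start clean so the script can be re-run safely.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# Windows ships many enabled outbound allow rules (browsers, DNS, and so on).
# They would still pass traffic under a default-block policy, so disable them
# and record their names so the change can be reverted.
$existing = Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True
$existing | Select-Object -ExpandProperty Name | Add-Content -Path $Record
$existing | Disable-NetFirewallRule

$common = @{ Group = $Group; Direction = 'Outbound'; Action = 'Allow' }

# DHCP, so the laptop can still obtain an address on the hotel network.
New-NetFirewallRule @common -DisplayName 'VPN-only: DHCP client' `
    -Protocol UDP -LocalPort 68 -RemotePort 67 | Out-Null

# Tunnel setup, to the gateway only. Assumes IKEv2/IPsec:
# IKE (UDP 500), NAT traversal (UDP 4500) and ESP (IP protocol 50).
New-NetFirewallRule @common -DisplayName 'VPN-only: IKE and NAT-T' `
    -Protocol UDP -RemoteAddress $VpnGateway -RemotePort 500,4500 | Out-Null
New-NetFirewallRule @common -DisplayName 'VPN-only: ESP' `
    -Protocol 50 -RemoteAddress $VpnGateway | Out-Null

# Anything may leave through a remote-access (VPN) interface once it is up.
New-NetFirewallRule @common -DisplayName 'VPN-only: traffic inside tunnel' `
    -InterfaceType RemoteAccess | Out-Null

# Default-deny outbound on every profile, so only the rules above apply.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultOutboundAction Block

# Full tunnel: the cmdlet form of "use default gateway on remote network".
# Add -AllUserConnection if the connection was created for all users.
Set-VpnConnection -Name $VpnName -SplitTunneling $false

# Show the resulting rule set for review.
Get-NetFirewallRule -Group $Group | Select-Object DisplayName, Enabled, Action
```

The gateway is referenced by address because DNS is blocked until the tunnel is up. Networks that require a browser sign-in page before granting access will not work under this policy, since that page is also blocked.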
LVL 77

Expert Comment

by:Rob Williams
ID: 17982354
Thanks ericbruntjen. Cheers!
--Rob