Solved

Force VPN Connection Before Accessing Any Network

Posted on 2006-11-17
5
1,108 Views
Last Modified: 2012-06-21

Hi Experts:

I'd like to force my travelling users to start the VPN before they log into a wireless (or wired) network.

So if one of my users travels to a hotel with a wide-open wireless network I want them to have to log in to the VPN b/f they can surf the Internet.

I've fiddled with bridging the two without success so I wonder if there is any freeware or windows settings that can require a VPN connection before a LAN is connected.

Any help would be appreciated.
0
Comment
Question by:ericbruntjen
  • 2
  • 2
5 Comments
 
LVL 4

Expert Comment

by:Smacky311
ID: 17966359
You will need a domain and you can disable cached account login through the domain.  Then users will be required to contact the domain controller prior to logging into their laptop.  Cisco VPN software allows "Start before login" and this allows them to login to the VPN at the control+alt+del screen for windows login.  

This will achieve the desired effect.
0
 
LVL 1

Author Comment

by:ericbruntjen
ID: 17966533

Thanks for the quick reply. The VPN isn't my own network so they can't authenticate into my domain from there. Its a good idea but I'm still hoping for something else.

I'm thinking of blocking IE and Outlook from the wireless adapter but not the VPN, that way they'd at least have incentive to log in to the VPN otherwise what would the point of connecting be? That might work in practice but in principle its pretty ugly.

E.
0
 
LVL 4

Accepted Solution

by:
Smacky311 earned 75 total points
ID: 17966707
What if you installed personal firewalls on the machines that blocked all ports outside of the necessary ports for VPN.  This way I believe you should still be able to access internet through the VPN, but all other adapters will be blocked.
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 50 total points
ID: 17972860
>>"force my traveling users to start the VPN before they log into a wireless (or wired) network"
Sounds a little impossible, in that they need an Internet connection to connect to the VPN. However, if you statically assigned the DNS server, in their TCP/IP properties, to be only your internal DNS server, they would not be able to browse the Internet or access any resource by DNS name, except through the VPN tunnel. To make doubly sure, force all traffic through the VPN tunnel by disabling split tunneling (usually is by default). On the Windows client, this is done on the VPN client by enabling "use default gateway on remote network".
Just a thought.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17982354
Thanks ericbruntjen. Cheers !
--Rob
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
fabric 1 31
Sharing same loopback address on different switches 1 48
Remote Desktop Support Tools Like "Go to MY PC", etc 10 50
FTP Transfer Speeds ... 6 53
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question