Force VPN Connection Before Accessing Any Network

Posted on 2006-11-17
Medium Priority
Last Modified: 2012-06-21

Hi Experts:

I'd like to force my travelling users to start the VPN before they log into a wireless (or wired) network.

So if one of my users travels to a hotel with a wide-open wireless network I want them to have to log in to the VPN b/f they can surf the Internet.

I've fiddled with bridging the two without success so I wonder if there is any freeware or windows settings that can require a VPN connection before a LAN is connected.

Any help would be appreciated.
Question by:ericbruntjen
  • 2
  • 2

Expert Comment

ID: 17966359
You will need a domain and you can disable cached account login through the domain.  Then users will be required to contact the domain controller prior to logging into their laptop.  Cisco VPN software allows "Start before login" and this allows them to login to the VPN at the control+alt+del screen for windows login.  

This will achieve the desired effect.

Author Comment

ID: 17966533

Thanks for the quick reply. The VPN isn't my own network so they can't authenticate into my domain from there. Its a good idea but I'm still hoping for something else.

I'm thinking of blocking IE and Outlook from the wireless adapter but not the VPN, that way they'd at least have incentive to log in to the VPN otherwise what would the point of connecting be? That might work in practice but in principle its pretty ugly.


Accepted Solution

Smacky311 earned 225 total points
ID: 17966707
What if you installed personal firewalls on the machines that blocked all ports outside of the necessary ports for VPN.  This way I believe you should still be able to access internet through the VPN, but all other adapters will be blocked.
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 150 total points
ID: 17972860
>>"force my traveling users to start the VPN before they log into a wireless (or wired) network"
Sounds a little impossible, in that they need an Internet connection to connect to the VPN. However, if you statically assigned the DNS server, in their TCP/IP properties, to be only your internal DNS server, they would not be able to browse the Internet or access any resource by DNS name, except through the VPN tunnel. To make doubly sure, force all traffic through the VPN tunnel by disabling split tunneling (usually is by default). On the Windows client, this is done on the VPN client by enabling "use default gateway on remote network".
Just a thought.
LVL 78

Expert Comment

by:Rob Williams
ID: 17982354
Thanks ericbruntjen. Cheers !

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question