Remote-Access User Requirements
Road warriors and telecommuters alike have the same requirements while on the road as when in the office. Most likely they
will need access to the following: Domain Name System (DNS) to resolve Internet host and domain names, Windows
Internet Naming Service (WINS) to resolve hosts in their Windows domain, and a virtual IP address that will allow them to
access the corporate Intranet. These values are pushed to a remote client by the ISAKMP configuration method (IKE
MODCFG) during tunnel establishment after successful authentication. The virtual address can in turn be used by any device
on the intranet to connect the client. For times when users are out of the office and out of control, Cisco recommends that
you control the connection they have both to your intranet and the Internet. If you choose to allow split tunneling, make
sure that personal firewall software is installed, updated, and running, and that it has a valid security policy on the
remote-access client. Otherwise, if a rogue applet, Trojan horse, or some other outside source gains control of the client, after
it has been compromised it could then be used to attack the enterprise network. Cisco does not recommend enabling split
tunneling on clients without firewall capability
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.