Help with restricting access to VPN WRT54G
on 06.08.2007 21:41:34 by privatepiles
Hi

I have been tasked with configuring the following:

Allowing a Laptop to connect (via wireless or fixed LAN port on a
Linksys WRT54g Router) via VPN to a company network.

The laptop must ONLY be able to access the internet once connected to the
company VPN (and thus pick up the VPN DNS/IP etc.) - i.e. if the PC is
connected to the router (and the router is connected to ADSL/Cable) -
the laptop shouldn't be able to connect to the outside world OTHER than
VPN

If ANY other PCs/devices are using the Linksys router, no traffic
must be able to pass through to the PC that is making/made the
connection to the VPN

ANY other devices on the network (connected via this router) must not
be able to connect to the Laptop (i.e. via shares/UNC etc.)

I hope this can be done, or if not all, some of it!

I'm thinking a fixed IP for the laptop and then some kind of
restriction to only allow VPN traffic??

Any help/pointers would be welcome
Re: Help with restricting access to VPN WRT54G
on 07.08.2007 23:08:13 by amr
On Aug 6, 2:41 pm, privatepi...@googlemail.com wrote:
> Hi
>
> I have been tasked with configuring the following:
>
> Allowing a Laptop to connect (via wireless or fixed LAN port on a
> Linksys WRT54g Router) via VPN to a company network.
>
> The laptop must ONLY be able to access the internet once connected to the
> company VPN (and thus pick up the VPN DNS/IP etc.) - i.e. if the PC is
> connected to the router (and the router is connected to ADSL/Cable) -
> the laptop shouldn't be able to connect to the outside world OTHER than
> VPN
>
> If ANY other PCs/devices are using the Linksys router, no traffic
> must be able to pass through to the PC that is making/made the
> connection to the VPN
>
> ANY other devices on the network (connected via this router) must not
> be able to connect to the Laptop (i.e. via shares/UNC etc.)
>
> I hope this can be done, or if not all, some of it!
>
> I'm thinking a fixed IP for the laptop and then some kind of
> restriction to only allow VPN traffic??
>
> Any help/pointers would be welcome
It's not the router that will be doing it. What VPN client will you
be using on the laptop? Any modern-day VPN client (Nortel, Cisco,
etc.) enforces policy. So, when the laptop connects to the corporate
network using the VPN client, the laptop is now restricted to only
accessing things on the VPN.

When you make a VPN you are creating a tunnel - a private network (if
you will).

It sounds as if you need to get a fundamental understanding of how
VPNs work.

Once your laptop is tunneled into your corporate network, the VPN
termination point inside the corporate network can enforce policy on
the clients that connect to it, i.e., do not allow split-tunneling,
etc.

When the laptop starts the client and connects, it is no longer
(logically) on the local network. You can test this yourself when you
start the client and connect to your company. Ping your local PCs,
etc. that are on your Linksys router - you will not be able to and
neither will those clients.
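
A way to check the no-split-tunneling behaviour the reply describes, as an added example that is not part of the original thread: it takes IPv4 rows in the column order of Windows `route print` and reports which probe destinations would leave through anything other than the VPN adapter. The route tables, addresses and function names are constructed for illustration, and the check covers routing only, not any packet filtering the VPN client applies.

```python
import ipaddress

# Constructed, simplified IPv4 rows in Windows `route print` column order:
# destination, netmask, gateway, interface, metric.
FULL_TUNNEL = """
0.0.0.0       0.0.0.0          192.168.1.1  192.168.1.100  4250
0.0.0.0       0.0.0.0          10.8.0.1     10.8.0.23      1
203.0.113.10  255.255.255.255  192.168.1.1  192.168.1.100  1
192.168.1.0   255.255.255.0    10.8.0.1     10.8.0.23      1
192.168.1.0   255.255.255.0    On-link      192.168.1.100  4250
"""
SPLIT_TUNNEL = """
0.0.0.0       0.0.0.0          192.168.1.1  192.168.1.100  25
10.0.0.0      255.0.0.0        10.8.0.1     10.8.0.23      1
203.0.113.10  255.255.255.255  192.168.1.1  192.168.1.100  1
192.168.1.0   255.255.255.0    On-link      192.168.1.100  25
"""

def parse_routes(text):
    """Return (network, interface, metric) for every well-formed route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:
            continue  # blank line, header or other non-route text
        try:
            routes.append((ipaddress.ip_network(f"{f[0]}/{f[1]}"),
                           ipaddress.ip_address(f[3]), int(f[4])))
        except ValueError:
            continue
    return routes

def egress_interface(routes, dest):
    """Longest-prefix match; the lowest metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def leaks_outside_tunnel(route_text, vpn_iface, vpn_gateway, probes):
    """List probe addresses whose traffic would bypass the VPN adapter."""
    routes, vpn = parse_routes(route_text), ipaddress.ip_address(vpn_iface)
    leaks = []
    for p in probes:
        if p == vpn_gateway:
            continue  # the tunnel's own outer packets must use the physical NIC
        out = egress_interface(routes, p)
        if out is not None and out != vpn:
            leaks.append(p)
    return leaks

PROBES = ["198.51.100.7", "192.168.1.50", "10.1.2.3"]  # internet, LAN peer, corporate
```

An empty result for the internet and LAN probes matches the reply's ping test: with the client connected, neither the outside world nor the other PCs on the Linksys router are reachable outside the tunnel.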