 AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | VPN Questions Basic Situation:
Using a vpn client on a pc to access a server via/behind a Z35
All addresses are single static IPs -delineated (no 0.0.0.0)
1. Is *split tunneling decided by the client the router or both?
2. Assuming split tunneling is a selection on the vpn client, how does one choose which traffic goes through the tunnel?
* assuming split tunnelling means one has access to the tunnel and the regular internet from the PC running the vpn client.
Regarding the Z35.
Right now I have connectivity established via firewall rules and port forwarding to the server from my test pc. At some point I will switch to connectivity to the server via VPN.
3. Do I remove the current port forwarding rules and firewall rules (as connectivity will be through the tunnel).
4. Do I need to make Wan to VPN firewall rules instead?
(Very confused on Wan to VPN firewall rules - what are the advantages).
5. Finally once vpn client on PC to server via z35 is established (for others), I will use my USG100 to do so - any gotchas there??
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
 BranoI hate VogonsPremium,MVM
join:2002-06-25
Burlington, ON
kudos:3
 ·Bell Fibe
| said by Anav:1. Is *split tunneling decided by the client the router or both?
Both
said by Anav:2. Assuming split tunneling is a selection on the vpn client, how does one choose which traffic goes through the tunnel?
The routing is done according to your local routing table. On Windows see "c:\>route print"
said by Anav:3. Do I remove the current port forwarding rules and firewall rules (as connectivity will be through the tunnel).
4. Do I need to make Wan to VPN firewall rules instead?
Once you connect to LAN via VPN you don't need any FW or forwarding rules. You don't need to delete them though if you going to utilize them without VPN.
said by Anav:5. Finally once vpn client on PC to server via z35 is established (for others), I will use my USG100 to do so - any gotchas there??
Not sure what you're asking? |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | Well i discoverd that behind my usg it has ipsec pass thru when testing with a client so dont need nat traversal.
Doing it from usg to zywall should be straightfoward.
If I dont need firewall rules or portforwarding rules if using a vpn tunnel. Then what are the wan to VPN rules for in the z35?? Is it to limit the types of traffic coming thru the tunnel.......... and I suppose users |
|
|
|
BranoI hate VogonsPremium,MVM
join:2002-06-25
Burlington, ON
kudos:3 | It's exactly for what it says ...WAN-to-VPN. You can control if WAN traffic can pass to your VPN tunnels. |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | Well I find that confusing.........
The tunnel is alread made........... how can the router at the outside see whats coming through........... doesnt it have to take the data at the output of the tunnel before it goes to destination to apply firewall rules then.......... |
|
BranoI hate VogonsPremium,MVM
join:2002-06-25
Burlington, ON
kudos:3 | The WAN-to-VPN rule is for WAN (non-VPN) ingress traffic. |
|
AnavSarcastic Llama? Naw, Just AcerbicPremium
join:2001-07-16
Dartmouth, NS
kudos:3 | you lost me there....... going to bed |
|
