This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec traffic originate from an authenticated source

I have recently been debating split tunneling. For years it has been best practice to disable split tunneling.
We have a requirement to block people from using Internet Connection Sharing in an office environment to turn their laptop into a VPN tunnel for everyone else in the office. We have identified a few situations where this is happening. The first response it to disable split tunneling, but I read a blog post from Tom Shinder stating that the Microsoft DirectAccess with UAG solution will require that IPSec traffic originate from an authenticated source thereby satisfying our requirement.
Is it possible to create a rule on the ASG where IPSec traffic must originate from an authenticated source?

This thread was automatically locked due to age.

Parents

0 BarryG over 14 years ago

Hi Bob, I think he's worried that an IPSec client might have ICS on and then NAT in traffic from the REMOTE LAN... since it's NAT'd by the client, I don't think a PF rule would help.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 14 years ago

Hi Bob, I think he's worried that an IPSec client might have ICS on and then NAT in traffic from the REMOTE LAN... since it's NAT'd by the client, I don't think a PF rule would help.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data