RE: Opinions required -

From: Schouten, Diederik (Diederik) (
Date: 09/05/02

From: "Schouten, Diederik (Diederik)" <>
To: "'Calhoun, Heath'" <>, Jonathan Kimpson <>,
Date: Thu, 5 Sep 2002 11:27:01 +0200 

How does the VPN Concentrator provide access in the likes of PC-Anywhere to
the clients PC's?

They already have a IPSec Client VPN solution on the FW-1, running
PC-Anywahere through it :)

A agree that putting the control of your hosts in the hands of a 3d party is
quite risky.
But that is just a trust thing...

Bigger issue would be, what if their servers are unavailable, that would
mean your remote users cannot use your network.

I'd say, stick with your current solution.
Although you need 2 systems to do it, and it is not as flexible as the Java
solution from GoTomypc, it is secure enough, relatively cheap, and
completely in your control.



> -----Original Message-----
> From: Calhoun, Heath []
> Sent: Wednesday, September 04, 2002 17:45 PM
> To: Jonathan Kimpson;
> Subject: RE: Opinions required -
> Definitely more expensive, but much more secure would be the Cisco VPN
> concentrator.
> If you have the money, I'd go with the concentrator. Not
> only is it more
> secure, but
> YOU have COMPLETE control over it, users and what they do.
> You may have to
> setup access-lists
> or conduits in your firewall for the specific system the user
> needs access
> to. You
> can also setup where the user is either static or dhcp.
> GOToMyPC is secure, but the concentrator is more secure. It
> also kills any
> active
> internet app on the end users pc as part of the concentrators client
> included firewall.
> Another drawback, is if their server is down, then what?
> What if their
> server gets or
> is hacked? Then what? Also, what information does this
> service collect
> about the
> target pc?
> Heath Calhoun
> -----Original Message-----
> From: Jonathan Kimpson []
> Sent: Tuesday, September 03, 2002 11:19 AM
> To:
> Subject: Opinions required -
> My MD has put this in front of me as a method for allowing access to
> dedicated pcs in either our LAN (!) or DMZ.
> Has anyone got any experience in running this service?
> Any pitfalls?
> Any huge holes?
> The service depends on a central server to authenticate the
> connections and
> common sense tells me not to trust without good references
> and testimonials.
> The thought of having access to our LAN does put me off- I'm
> going to have
> to come up with ways of monitoring and controlling this
> traffic on our FW-1.
> Does anyone run this product in an enterprise environment? We
> have provided
> remote access for others using Securemote by Checkpoint and
> PCanywhere but
> the simplicity of this product attracts our less than techie bosses.
> Thanks in advance