Travelling laptops over VPN

From: Jerry (jerry.giacinto_at_ketteng.com.nospam.com)
Date: 11/30/04


Date: Tue, 30 Nov 2004 09:57:24 -0700


  I've run into a problem configuring laptops for my company. We're in the
process of upgrading to Windows XP SP2, and one feature I would like to add
for travelling users is the ability to connect to an internet connection,
say at a hotel, which may not be firewalled, and be able to safely use that
connection for both internet browsing and connecting to our Cisco VPN.
Additionally, I'd prefer it if, when the user is back in the office, and
connects the laptop directly to the LAN, the laptop can still be managed
remotely.
  I'm having problems getting firewall protection in all cases. I
configured Group Policy for the laptops so that when the laptop is connected
to the domain, then the Windows XP firewall is off, and when it's connected
to a different network (like at a hotel), the firewall is on. That appears
to work fine. However, when the user connects to the VPN using the Cisco
VPN client, the firewall shuts off because it sees the domain. Then, the
laptop is not protected while on the VPN.
  I could configure the firewall to be on all the time, but doesn't that
make management difficult? I don't want to set up firewall exceptions for
managing the laptop while it's on the domain, because those same exceptions
will apply while the laptop is connected to the VPN. I'm not completely
sure what the risks are.
  I've been using Nmap to test the firewall with TCP, UDP, and TCP SYN
stealth port scans. But, to be honest, I'm not even sure if that's the best
way to test. However, I do get scan results that are consistent with the
firewall being on or off.
  I've entered a cornucopia of frustration, and am looking for pointers,
suggestions, or facts backed by people with experience in this type of
setup. Any help would be greatly appreciated.

Thank you,
  Jerry


