I need the local LAN connection so I can scp and rsync stuff between my laptop and my other home machines locally. There is a need for the VPN to be on 24/7 especially when I'm on call or working from home. I have a local firewall through which I use other boxes for non-work stuff. On the firewall I only have the relevant ports opened to the machines that need to use them and where appropriate as in the case of VPN, only to the one host on the WAN. In any case at the other end they have a proper defences except for the SPAM that Lotus Notes can't cope with. Regards Sid. James Oakley wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wednesday 19 November 2003 08:04 pm, Sid Boyce wrote:
I installed Cisco vpnclient-linux-4.0.1-A-k9.tar.gz, configured it and it ran. I have KeepAlives=1 in the .pcf file which allows me to stay connected 24/7 when working from home. It's running behind a NAT firewall to cable modem when at home and on the road I use it dialled up to an ISP. I have EnableLocalLAN=1, but it falsely reports "Local LAN Access is disabled".
Hmmm. I've never used that version, so I'm not sure how to fix it, but I can tell you that the EnableLocalLAN option is *very* bad for security. Your admins should set up a proxy server for you to browse the web. (I'm guessing that's why you want it) Alternatively, you can connect/disconnect as needed, which is the most secure option.
If you still want this option, you should contact Cisco's support guys.
- -- James Oakley Engineering - SolutionInc Ltd. joakley@solutioninc.com http://www.solutioninc.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/vMZS+FOexA3koIgRAveeAJ9W0cg/YPLWAacqXDmgBT5UILWQdACdH0p5 zg5mivPcBnmB5iPMgk2o/3M= =hvZx -----END PGP SIGNATURE-----
-- Sid Boyce .... Linux Only Shop.