security differences lan-to-lan vs remote access VPN connections

rsr2564
Level 1

Which is more secure or less secure, LAN-to-LAN between UNTRUSTED networks, or a remote VPN access connection between the same UNTRUSTED networks? My belief is that since the LAN-to-LAN is generally thought of as static or semi-permanent, it is inherently less secure than a temporary remote access connection. Is this true?

2 Replies

Patrick Iseli
Level 7

Difficult to answer your question, that might be the reason why nobody answered yet.

Might be a security risk? I am joking !!

I think one of the major differences is that a Remote Access VPN is easier to audit (monitor) because usually each user has to authenticate their VPN, and so it is easier to trace a user.

It depends a lot on whether we talk about remote teleworkers or not. Anyway, for the Site2Site and Remote VPNs you have to configure your access-list correctly to restrict access.

Sincerely,

Patrick

d-garnett
Level 3

I think it boils down to the initial key exchange. The remote access connections use Aggressive Mode, and a lot of the keying data is sent before the tunnel is fully built (encrypted). The true LAN2LAN tunnels are not subjected to that. On the flip side, it's still very secure. No one has (cross my fingers) hacked into any of our EzVPN links or Mobile Users' PCs yet. Either way, once the tunnel is up, it's up and all the data is encrypted, until a re-keying takes place.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_security_notice09186a008016b57f.html

The only other "remote access" issue after that is that some people don't like using split tunneling because they would prefer that all Internet-bound traffic be re-routed out of their central location (for network security (i.e., Content Filtering) and Desktop Security (Antivirus, Spyware) reasons). Some people don't like split tunneling because they feel that the desktop can be used as an avenue for attack into the internal network:

Hacker > Remote Access PC > VPN Tunnel > Internal Net

Do I use Remote Access and Lan2Lans? Yes.... and an IDS :^) If I had a choice, all of our VPN links would be Lan2Lans, but the reality is money talks, and Comcast Cable and Verizon DSL Internet access via DHCP is a lot cheaper than static IPs.
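As an added example (not code from either reply), here is a small Python parser for the fixed ISAKMP header that flags the IKEv1 Aggressive Mode negotiations d-garnett describes, the ones whose identity and hash payloads go out before the encryption flag is set, so an IDS or audit script can spot them. The datagrams are constructed with placeholder SPIs and header-only bodies; the exchange-type and flag values come from RFC 2408.

```python
import struct
from dataclasses import dataclass

# Fixed 28-byte ISAKMP header (RFC 2408 s.3.1), network byte order:
# initiator SPI, responder SPI, next payload, version, exchange type, flags, message ID, length
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE_TYPES = {2: "main", 4: "aggressive", 5: "informational", 34: "IKE_SA_INIT", 35: "IKE_AUTH"}
FLAG_ENCRYPTION = 0x01  # set once the payloads following the header are encrypted


@dataclass
class IkeHeader:
    version: str
    exchange: str
    encrypted: bool


def parse_isakmp_header(data: bytes) -> IkeHeader:
    """Decode the header that starts every IKE datagram seen on UDP/500."""
    if len(data) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    _ispi, _rspi, _next, ver, xchg, flags, _msgid, _length = ISAKMP_HDR.unpack_from(data)
    return IkeHeader(f"{ver >> 4}.{ver & 0x0F}",
                     EXCHANGE_TYPES.get(xchg, f"unknown({xchg})"),
                     bool(flags & FLAG_ENCRYPTION))


def audit(datagrams) -> list:
    """One finding per IKEv1 aggressive-mode datagram whose payloads are still in the clear."""
    findings = []
    for i, d in enumerate(datagrams):
        h = parse_isakmp_header(d)
        if h.version == "1.0" and h.exchange == "aggressive" and not h.encrypted:
            findings.append(f"datagram {i}: IKEv1 aggressive mode, ID and hash payloads unencrypted")
    return findings


def _hdr(xchg: int, flags: int = 0, ver: int = 0x10) -> bytes:
    # Constructed header with placeholder SPIs; payloads omitted since only the header is parsed.
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, ver, xchg, flags, 0, ISAKMP_HDR.size)


# Constructed traffic: main mode, aggressive message 1, aggressive message 3, IKEv2 SA_INIT
SAMPLE_DATAGRAMS = [_hdr(2), _hdr(4), _hdr(4, flags=FLAG_ENCRYPTION), _hdr(34, ver=0x20)]

if __name__ == "__main__":
    for line in audit(SAMPLE_DATAGRAMS):
        print(line)
```

Only the second datagram is reported: main mode keeps its ID payloads encrypted, the third aggressive-mode message already carries the encryption flag, and the IKEv2 exchange is a different protocol version.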