06-13-2019 08:16 AM - edited 02-21-2020 09:40 PM
From my experience of VPN's over the past 15 years, once activated they are supposed to protect the machine it is operating on from any external network. It creates a secure tunnel to the host organisation server proving appropriate protection.
I recently started working from home and connect using Cisco Anytime Connect. I also use a Soft-Phone which is configured to make and receive calls using my companies VoIP PBX. Usually if I am not connected to the VPN the Soft-Phone will not make or receive calls.
I started to get SIP scanning calls coming through looking for vulnerabilities and I have been getting calls from random cli's every two to three minutes. After raising the issue with tech support they say they aren't seeing these calls on our network and cant block them.
The SIp attacks apparently are coming through my home internet connection and bypassing the VPN to ping the softphone, probably through port 5060.
I thought this should not be possible while using the VPN as all traffic should be routed through that secure connection to the host servers at work. But i am told that as well as the VPN my normal internet connection is running at the same time.
This goes against everything I understand about the purpose and function of a VPN and i believe I am being fobbed off by an IT manager that cant be bothered and gives one word answers to my questions.
I worked at a very large global organisation that were very security conscious about their data and I know that Cisco Any Connect VPN was fully secure. Nothing got through that wasn't supposed to.
Is it just a configuration within the VPN? Could it be that we just aren't paying for that level of protection? If someone can scan my laptop and bypass the VPN to call my Soft Phone, bypassing the network configuration in the phone itself does this mean that emails ad other data on my laptop are vulnerable? It seems to me they are.
Please help.
06-13-2019 08:25 AM
Hi there,
Sounds like your VPN is configured for split-tunneling. Although this goes against VPN security best practice, your organisation has obviously taken the decision to implement it this way.
What does your routing table look like when the VPN is connected?
ip route
route -n
cheers,
Seb.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide