VPN Concentrator 3015 and the broadcast to VPN client

myoucef · ‎10-14-2004

Hi,

I have a vpn concentrator 3015, and many software vpn clients, my question is:

Can the vpn concentrator send a broadcast from a computer in my local network (LAN) to the vpn clients

Thanks

sachinraja · ‎10-17-2004

Yes.. this is definitely possible.. Since all the VPN clients have an address from the local Pool, it shows as directly connected networks on the routing table of the concentrator.. This can force the concentrator to broadcast the traffic to all directly connected networks..

You can think of 2 things under this scenario:

1) If you are using a normal client, be sure you enable the firewall feature of the client. The concentrator can push the firewall policies to the client, which can deny such unnecessary requests...

2) You can think of enabling web vpn on the concentrator. When you use web vpn, the concentrator does not allocate any IP address when the client connects, which means there is no information of the client on the concentrators routing table.. this can avoid the concentrator broadcasting the packets to the connected clients.

hope this helps

myoucef · ‎10-18-2004

Hi,

You say that it is possible, so what can I do to configure it??

Thanks

sachinraja · ‎10-27-2004

Hello

for configuring web vpn ,you need to upgrade your VPN concentrator to the latest OS. you can then refer to cisco's documentation to configure it.

To configure the firewall policy , you need to configure filters and apply it on the VPN concentrator group policy. The policies are pushed onto the client once it gets connected. enable split tunneling if needed.