Depending on the details of your VPN mechanism - generally those that provide layer 3 connectivity: OpenVPN, PPTP, SSTP, L2TP/IPsec, straight IPsec and more - you may also require allowing TCP and UDP 53. You also need to consider whether the VPN captures internet traffic.
Depending on your firewall, it can be a huge amount of grief or it can be really easy.

Me? I don't trust my end users, and I most certainly do NOT trust their home computers, especially if spouses and/or children are around. I prefer VPNs that work only on layer 4 - the classic browser-based "clientless" SSL VPN. You can also provide similar functionality with SSH "port forwarding".

On 12/8/2010 9:36 AM, Erik Goldoff wrote:
> Do they have desktops in the office?
>
> Set up a VPN that only allows port 3389 (RDP) and then they can MSTSC/RDP
> to their desktops without allowing other risky traffic from personal
> equipment over the VPN

--
Phil Brutsche
[email protected]
