Thursday, August 26, 2004


Idiocy Du Jour

Short shrift again today due to Chinese Fire Drills and other commitments; however, the Asshat Of The Day Award goes to my own Respected Employer. For a number of reasons, we have three VPN solutions deployed. The preferred VPN solution (read: the cheapest) up until about a week ago was very firewall-unfriendly (requiring lots of ports and protocols to be opened that no sane security administrator at any large corporation would allow). One of the legacy solutions, on the other hand, was nicely firewall-friendly and could be configured to tunnel over any port (although of course we usually just used SSL) if required (the other legacy solution is semi-firewall-friendly; however, it's like pulling teeth to get an ID for it, and the chargeback model is horrendous). I liked that legacy solution, as once you got the command syntax down it was very easy to customize to any specific situation or location, and you were able to Get Things Done. Now that the preferred VPN solution has become firewall-friendly, we have been given all of two days to make sure we're on the preferred solution. This blows big time, not only for the obvious reasons (the password resets are flying furiously as everyone tries to remember their passwords for the new client), but because there's one bugaboo that will likely have the help desk screaming. It seems that in many cases, if the laptop has a wireless interface, the laptop's own IP address will register as the default gateway, not the local router. Of course, the packets are then blackholed and there is no connectivity (needless to say, about an hour of experimenting confirmed this). However, if the laptop is wired, no problems, and the connection just rocks. Needless to say, there are going to be a lot of road warriors sitting in Starbucks or at an airport gate somewhere who are going to be screaming bloody murder when their VPN connections don't work. Another well-thought-out implementation, guys...
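The failure mode described above, a default route whose next hop is the laptop's own address, is the kind of thing a help desk triage script can check before anyone starts resetting passwords. The following is an added example, not code from the original post or from any of the VPN clients mentioned. It parses a constructed `route -n`-style routing table (the sample tables, interface names and addresses are made up for illustration) and flags a default gateway that is either one of the host's own addresses or not on a connected network of the interface it is bound to; adapting the parser to another operating system's route listing is left to the reader.

```python
import ipaddress

# Constructed sample routing tables in the style of `route -n` on Linux.
# These are illustrative only, not captured from any real VPN client.
WIRED_OK = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""

WIRELESS_BROKEN = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.57    0.0.0.0         UG    0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
"""

# Constructed: the addresses this host holds, keyed by interface name.
LOCAL_ADDRS = {"eth0": "192.168.1.57", "wlan0": "192.168.1.57", "lo": "127.0.0.1"}


def parse_route_table(text):
    """Parse `route -n`-style output into a list of dicts, skipping the header."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 8 or cols[0] == "Destination":
            continue
        routes.append({"dest": cols[0], "gw": cols[1], "mask": cols[2], "iface": cols[7]})
    return routes


def connected_networks(routes):
    """Networks reachable with no next hop (gateway 0.0.0.0), grouped by interface."""
    nets = {}
    for r in routes:
        if r["gw"] == "0.0.0.0" and r["dest"] != "0.0.0.0":
            net = ipaddress.ip_network(f"{r['dest']}/{r['mask']}", strict=False)
            nets.setdefault(r["iface"], []).append(net)
    return nets


def diagnose_default_route(text, local_addrs):
    """Return a list of problems with the default route(s); an empty list means it looks sane."""
    routes = parse_route_table(text)
    defaults = [r for r in routes if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0"]
    if not defaults:
        return ["no default route present"]
    own = set(local_addrs.values())
    nets = connected_networks(routes)
    problems = []
    for r in defaults:
        gw = ipaddress.ip_address(r["gw"])
        # The case from the post: the host is its own next hop, so nothing leaves the box.
        if str(gw) in own:
            problems.append(
                f"{r['iface']}: default gateway {gw} is the host's own address (traffic blackholed)"
            )
            continue
        # A next hop that is not on-link for that interface can never be ARPed for.
        if not any(gw in n for n in nets.get(r["iface"], [])):
            problems.append(
                f"{r['iface']}: default gateway {gw} is not on a connected network of that interface"
            )
    return problems


if __name__ == "__main__":
    for name, table in (("wired", WIRED_OK), ("wireless", WIRELESS_BROKEN)):
        print(name, diagnose_default_route(table, LOCAL_ADDRS) or ["ok"])
```

Run it on the real `route -n` output and the host's interface addresses; a non-empty result on the wireless case is the condition the post describes, and the message points straight at the offending interface instead of leaving the road warrior to guess.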


