Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods include, dial-up, broadband, and wireless. Virtual private networks (VPNs), when adequately provisioned with appropriate security controls, are considered internal networks, rather than a remote access method. Monitoring remote access ensures unauthorized access to the enclave's resources and data will not go undetected.
Controlling access to the private network can be accomplished by assigning remote users to specific subnets that can enable network devices and routers to control what resources the remote users can access. To allow traffic to u-turn, the network device would have to be configured to NAT for the pool of remote client addresses on the outside interface (the same global address), as well as have a configuration statement to allow traffic to egress out the same interface in which the IPSec tunnel terminates-most implementations do not allow this by default. If the network device is configured to allow a loop back, then there must be another network device upstream to inspect this outbound traffic or the traffic must be forwarded (policy-based routing) towards the network device or applicable proxy to perform the stateful inspection. |