After takin' a swig o' grog, Bruce Chambers belched out this bit o' wisdom:

> Linønut wrote:
>
>> So, when I log in, taking more than a minute to access my "personal
>> settings" is normal?
>
> Who said such performance is normal? Without any specific details of
> the network in question, it's impossible to say what's causing this.
> I'm confident that it's not WinXP, in and of itself, although an
> improperly configured workstation can certainly cause this. The most
> common cause of such a phenomenon would be to use roaming profiles
> (oversized, with the My Documents folder included), based on a slow or
> over-extended server, and via limited bandwidth.

None of which apply.

>> Has nothing to do with hardware or the user. Windows XP can't always
>> maintain a local-area connection once VPN is activated.
>
> It can, and does, when configured to do so.

So why doesn't Cisco's installer configure it that way by default?

For what it is worth, I get these broken local connections even when I
check the "Allow local access" option in the Cisco VPN configuration.

>> How so? I thought VPN's purpose was to allow you to access remote
>> resources securely.
>
> That's the usual consensus, but it's only partially correct. While
> mostly-secure access can be provided by a VPN, agencies that need
> stronger security, such as governments, don't allow *any* remote
> computer to directly access the internal LAN. Despite all the
> precautions in the world (strong passwords, smart cards, biometrics,
> etc.) there's no way of knowing whether or not the user at the remote
> site is being somehow coerced. In our case, there's an "interface"
> machine that handles, evaluates, and filters all interactions between
> the VPN and the internal LAN.

That makes sense.

What bugs me about our setup is this: to get to all our process assets
(a directory full of lots of Word documents), we have to connect up to
this super-slow share over VPN. It is even slow if I use Linux to
connect and do the copying.

What I'd much rather see is an rsync server. Or even secure FTP.
We probably would have gone that way on our own, but Corporate
apparently forced us to use the "solution" they already had in place.

Many IT people seem to know only about rather crufty Rube-Goldberg
solutions involving Microsoft software.

--
I love the smell of code compiling in the morning. It smells like... Freedom.

Linønut wrote:
>
>
> So why doesn't Cisco's installer configure it that way by default?
>

Ask Cisco.

> For what it is worth, I get these broken local connections even when I
> check the "Allow local access" option in the Cisco VPN configuration.
>
>

But why are you blaming WinXP for what appears to be a Cisco problem?





--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH