Recently I was working on a client site helping them with a software implementation. While I was on-site I asked their network admin if I could establish a VPN connection to my office network so that I could use PCAnywere to check email and transfer documents between my office network and my laptop. All I asked for was an internet connection, not a LAN login or anything like that. I was given the internet connection, but was refused the VPN connection because their network admin said that it was a security risk.

On the other side of the equation is the software that I was helping implement was installed on an NT 4 box running Citrix Metaframe and they had clients of theirs logging in over the internet using Metaframe client to access the application remotely. This particular software that I implemented requires read/write access to a local drive on the machine to read and write initialization and parameter files.

What I don't understand and what I could use some clarification on is whether the connection that I requested out of their network was less secure than the inbound connection that they were giving their clients via Metaframe? I didn't have access to any network shares, just a connection to the internet. Their inbound users had access to a machine on the inside of their firewall and potentially had access to their network shares.

When I brought it up to the network admin she just got mad and said that their network setup was none of my business, but I suspect it was because she didn't know what she was talking about. Any ideas?