
Roman Kab 12-03-2003 07:10 PM

VPN and local LAN access with 2 nics
 
Hello,

Is it possible to configure a VPN client in the PC with 2 nics and
retain local area network access?

My PC has 2 nics connected to one router ( DLINK ) and use 192.168.0.x
ips.
I wanted to configure VPN software to use one card to access corporate
network and the second card to retain access to my local lan and
network printers.

Corporate lan has disabled split tunnel feature.

I tried once but lost local lan access as soon as VPN connection was
enabled.

Any suggestions?

Thanks
Roman

John Smith 12-03-2003 07:22 PM

Re: VPN and local LAN access with 2 nics
 
Think outside the TCP/IP box! ;-)

Bind multiple protocols to your Internal NIC (i.e. TCP/IP and IPX).
Setup VPN as normal, it will only control TCP/IP (split tunneling).
Connect to your shares and printers using IPX (remember to specify the frame
type for IPX on each box (autodetection doesn't always work)).


"Roman Kab" <rkab@yahoo.com> wrote in message
news:f38ef22d.0312031110.371a8813@posting.google.com...
> Hello,
>
> Is it possible to configure a VPN client in the PC with 2 nics and
> retain local area network access.
>
> My PC has 2 nics connected to one router ( DLINK ) and use 192.168.0.x
> ips.
> I wanted to configure VPN software to use one card to access corporate
> network and the second card to retain access to my local lan and
> network printers.
>
> Corporate lan has disabled split tunnel feature.
>
> I tried once but lost local lan access as soon as VPN connection was
> enabled.
>
> Any suggestions?
>
> Thanks
> Roman




Walter Roberson 12-03-2003 07:39 PM

Re: VPN and local LAN access with 2 nics
 
In article <f38ef22d.0312031110.371a8813@posting.google.com>,
Roman Kab <rkab@yahoo.com> wrote:
:Is it possible to configure a VPN client in the PC with 2 nics and
:retain local area network access.

:My PC has 2 nics connected to one router ( DLINK ) and use 192.168.0.x
:ips.
:I wanted to configure VPN software to use one card to access corporate
:network and the second card to retain access to my local lan and
:network printers.

:Corporate lan has disabled split tunnel feature.

:I tried once but lost local lan access as soon as VPN connection was
:enabled.

:Any suggestions?

My suggestion would be to politely ask your network admins whether
they would enable split tunnel. If they will not, then my suggestion
would be that you not try to get around the block.

When you allow access to both networks at the same time, through any
mechanism, then your corporate lan becomes vulnerable to whatever
problems exist on the other lan, because viruses, worms, and trojans can
then use your PC as router or relay point. If your security people
have made a design decision to block split tunneling, then you endanger
the corporate network by bypassing their decision, and you risk
the corporate security people finding out and cracking the security
policy.

In some environments, deliberately bypassing a "no split tunnel"
rule would be grounds for immediate firing -and- being assessed the
cost of a thorough network security audit to find out what the impact
of the hole was.
--
Warhol's Second Law of Usenet: "In the future, everyone will troll
for 15 minutes."

John Smith 12-04-2003 03:12 PM

Re: VPN and local LAN access with 2 nics
 
All well and good, however split tunneling is only for TCP/IP connectivity. They
would need to publish policies saying no alternate protocols and make that very
clear to the users before any firing would happen.

Not to mention the fact that this box may not even be their employee's, but a
partner's; hard to push your rules onto others sometimes for many reasons.

Besides, what happens once the VPN isn't being used? The risks you cite can
still happen to the box while offline from the VPN, then expose your network to
them once they connect again. What controls do you have then for their home
LAN?

VPN segments should be firewalled as well in my opinion and treated as untrusted
inside the work network.



"Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca> wrote in message
news:bqle63$6tm$1@canopus.cc.umanitoba.ca...
> In article <f38ef22d.0312031110.371a8813@posting.google.com>,
> Roman Kab <rkab@yahoo.com> wrote:
> :Is it possible to configure a VPN client in the PC with 2 nics and
> :retain local area network access.
>
> :My PC has 2 nics connected to one router ( DLINK ) and use 192.168.0.x
> :ips.
> :I wanted to configure VPN software to use one card to access corporate
> :network and the second card to retain access to my local lan and
> :network printers.
>
> :Corporate lan has disabled split tunnel feature.
>
> :I tried once but lost local lan access as soon as VPN connection was
> :enabled.
>
> :Any suggestions?
>
> My suggestion would be to politely ask your network admins whether
> they would enable split tunnel. If they will not, then my suggestion
> would be that you not try to get around the block.
>
> When you allow access to both networks at the same time, through any
> mechanism, then your corporate lan becomes vulnerable to whatever
> problems exist on the other lan, because viruses, worms, and trojans can
> then use your PC as router or relay point. If your security people
> have made a design decision to block split tunneling, then you endanger
> the corporate network by bypassing their decision, and you risk
> the corporate security people finding out and cracking the security
> policy.
>
> In some environments, deliberately bypassing a "no split tunnel"
> rule would be grounds for immediate firing -and- being assessed the
> cost of a thorough network security audit to find out what the impact
> of the hole was.
> --
> Warhol's Second Law of Usenet: "In the future, everyone will troll
> for 15 minutes."
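
Added example, not part of any post in this thread: a posture check an administrator could run over an inventory snapshot of a VPN client to find the conditions discussed above, namely IP routes that leave outside the tunnel, non-IP protocol bindings such as IPX, and IP forwarding on a dual-homed PC. The snapshot format, interface names and addresses are constructed assumptions.

```python
import ipaddress

# Constructed host snapshot (not from the thread): interface names, routes and
# protocol bindings are hypothetical sample data for a VPN client with two NICs.
SNAPSHOT = {
    "tunnel_if": "vpn0",
    "vpn_gateway": "203.0.113.10",   # tunnel endpoint, must stay reachable off-tunnel
    "ip_forwarding": True,
    "routes": [                       # (destination, outgoing interface)
        ("0.0.0.0/0", "vpn0"),
        ("203.0.113.10/32", "eth0"),
        ("192.168.0.0/24", "eth1"),
        ("127.0.0.0/8", "lo"),
    ],
    "bindings": {"eth0": ["tcpip"], "eth1": ["tcpip", "ipx"]},
}

def audit_no_split_tunnel(snap):
    """Return findings that violate a 'no split tunnel' policy while the VPN is up."""
    findings = []
    gateway = ipaddress.ip_address(snap["vpn_gateway"])
    for dest, iface in snap["routes"]:
        net = ipaddress.ip_network(dest)
        if iface == snap["tunnel_if"] or net.is_loopback:
            continue
        # The only off-tunnel route a full tunnel needs is the host route to the gateway.
        if net.num_addresses == 1 and net.network_address == gateway:
            continue
        findings.append(("route-bypasses-tunnel", dest, iface))
    # Non-IP protocols never enter the IP tunnel, so the routing table cannot show them.
    for iface, protocols in sorted(snap["bindings"].items()):
        for proto in protocols:
            if proto != "tcpip":
                findings.append(("non-ip-binding", proto, iface))
    # Forwarding turns a dual-homed client into the relay point between both networks.
    if snap["ip_forwarding"]:
        findings.append(("ip-forwarding-enabled", "host", "all"))
    return findings

if __name__ == "__main__":
    for finding in audit_no_split_tunnel(SNAPSHOT):
        print(finding)
```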




