VPN and local LAN access with 2 nics

Discussion in 'Cisco' started by Roman Kab, Dec 3, 2003.

  1. Roman Kab

    Roman Kab Guest

    Hello,

    Is it possible to configure a VPN client in the PC with 2 NICs and
    retain local area network access?

    My PC has 2 NICs connected to one router (DLINK) and uses 192.168.0.x
    IPs.
    I wanted to configure VPN software to use one card to access corporate
    network and the second card to retain access to my local LAN and
    network printers.

    Corporate LAN has disabled split tunnel feature.

    I tried once but lost local LAN access as soon as VPN connection was
    enabled.

    Any suggestions?

    Thanks
    Roman
    Roman Kab, Dec 3, 2003
    #1

  2. Roman Kab

    John Smith Guest

    Think outside the TCP/IP box! ;-)

    Bind multiple protocols to your Internal NIC (i.e. TCP/IP and IPX).
    Setup VPN as normal, it will only control TCP/IP (split tunneling).
    Connect to your shares and printers using IPX (remember to specify the frame
    type for IPX on each box (autodetection doesn't always work)).

    John Smith, Dec 3, 2003
    #2

  3. In article <>,
    Roman Kab <> wrote:
    :Is it possible to configure a VPN client in the PC with 2 NICs and
    :retain local area network access?

    :My PC has 2 NICs connected to one router (DLINK) and uses 192.168.0.x
    :IPs.
    :I wanted to configure VPN software to use one card to access corporate
    :network and the second card to retain access to my local LAN and
    :network printers.

    :Corporate LAN has disabled split tunnel feature.

    :I tried once but lost local LAN access as soon as VPN connection was
    :enabled.

    :Any suggestions?

    My suggestion would be to politely ask your network admins whether
    they would enable split tunnel. If they will not, then my suggestion
    would be that you not try to get around the block.

    When you allow access to both networks at the same time, through any
    mechanism, then your corporate lan becomes vulnerable to whatever
    problems exist on the other lan, because viruses, worms, and trojans can
    then use your PC as a router or relay point. If your security people
    have made a design decision to block split tunneling, then you endanger
    the corporate network by bypassing their decision, and you risk
    the corporate security people finding out and cracking the security
    policy.

    In some environments, deliberately bypassing a "no split tunnel"
    rule would be grounds for immediate firing -and- being assessed the
    cost of a thorough network security audit to find out what the impact
    of the hole was.
    --
    Warhol's Second Law of Usenet: "In the future, everyone will troll
    for 15 minutes."
    Walter Roberson, Dec 3, 2003
    #3
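
Added example, not part of the original thread or any poster's code: a defender-side posture check for the dual-homing risk described in the post above. It assumes Linux `ip route` text output, a tunnel interface named `tun0`, and a strict policy in which only the tunnel and the host route to the VPN gateway are allowed; the addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: `ip route` output from a dual-homed host with the VPN up.
SAMPLE_ROUTES = """\
default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
203.0.113.10 via 192.168.0.1 dev eth0
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.12
"""


def parse_routes(text):
    """Yield (network, interface) for each usable line of `ip route` output."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # skip blank lines and entries with no output interface
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        yield ipaddress.ip_network(dest, strict=False), dev


def split_tunnel_findings(text, tunnel_if, vpn_gateway, ip_forward=False):
    """Return findings that violate a strict no-split-tunnel policy."""
    gateway = ipaddress.ip_network(vpn_gateway)  # /32 host route to the gateway
    findings = []
    for net, dev in parse_routes(text):
        if dev in (tunnel_if, "lo"):
            continue  # traffic stays inside the tunnel or on loopback
        if net == gateway:
            continue  # the encrypted tunnel itself must leave via a physical NIC
        findings.append(f"{net} reachable outside tunnel via {dev}")
    if ip_forward:
        # With forwarding on, the host can act as the relay point between LANs.
        findings.append("IP forwarding enabled: host can relay between networks")
    return findings


if __name__ == "__main__":
    for finding in split_tunnel_findings(SAMPLE_ROUTES, "tun0", "203.0.113.10"):
        print(finding)
```

The check only inspects the IP routing table, so a non-IP protocol bound to the LAN NIC, as suggested earlier in the thread, would not show up in it.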
  4. Roman Kab

    John Smith Guest

    All well and good, however split tunneling is only for TCP/IP connectivity. They
    would need to publish policies saying no alternate protocols and make that very
    clear to the users before any firing would happen.

    Not to mention the fact that this box may not even be their employee's, but a
    partner's; hard to push your rules onto others sometimes for many reasons.

    Besides, what happens once the VPN isn't being used? The risks you cite can
    still happen to the box while offline from the VPN, then expose your network to
    them once they connect again. What controls do you have then for their home
    LAN?

    VPN segments should be firewalled as well in my opinion and treated as untrusted
    inside the work network.
    John Smith, Dec 4, 2003
    #4
