VPN and local LAN access with 2 nics

Discussion in 'Cisco' started by Roman Kab, Dec 3, 2003.

  1. Roman Kab

    Roman Kab Guest

    Hello,

    Is it possible to configure a VPN client on a PC with 2 NICs and
    retain local area network access?

    My PC has 2 NICs connected to one router (D-Link) and uses 192.168.0.x
    IPs.
    I wanted to configure the VPN software to use one card to access the corporate
    network and the second card to retain access to my local LAN and
    network printers.

    The corporate LAN has disabled the split tunnel feature.

    I tried once but lost local LAN access as soon as the VPN connection was
    enabled.

    Any suggestions?

    Thanks
    Roman
     
    Roman Kab, Dec 3, 2003
    #1

  2. Roman Kab

    John Smith Guest

    Think outside the TCP/IP box! ;-)

    Bind multiple protocols to your internal NIC (i.e. TCP/IP and IPX).
    Set up the VPN as normal; it will only control TCP/IP (split tunneling).
    Connect to your shares and printers using IPX (remember to specify the frame
    type for IPX on each box (autodetection doesn't always work)).
     
    John Smith, Dec 3, 2003
    #2

  3. :Is it possible to configure a VPN client on a PC with 2 NICs and
    :retain local area network access?

    :My PC has 2 NICs connected to one router (D-Link) and uses 192.168.0.x
    :IPs.
    :I wanted to configure the VPN software to use one card to access the corporate
    :network and the second card to retain access to my local LAN and
    :network printers.

    :The corporate LAN has disabled the split tunnel feature.

    :I tried once but lost local LAN access as soon as the VPN connection was
    :enabled.

    :Any suggestions?

    My suggestion would be to politely ask your network admins whether
    they would enable split tunnel. If they will not, then my suggestion
    would be that you not try to get around the block.

    When you allow access to both networks at the same time, through any
    mechanism, then your corporate LAN becomes vulnerable to whatever
    problems exist on the other LAN, because viruses, worms, and trojans can
    then use your PC as a router or relay point. If your security people
    have made a design decision to block split tunneling, then you endanger
    the corporate network by bypassing their decision, and you risk
    the corporate security people finding out and cracking the security
    policy.

    In some environments, deliberately bypassing a "no split tunnel"
    rule would be grounds for immediate firing -and- being assessed the
    cost of a thorough network security audit to find out what the impact
    of the hole was.
     
    Walter Roberson, Dec 3, 2003
    #3
  4. Roman Kab

    John Smith Guest

    All well and good, however split tunneling is only for TCP/IP connectivity. They
    would need to publish policies saying no alternate protocols and make that very
    clear to the users before any firing would happen.

    Not to mention the fact that this box may not even be their employee's, but a
    partner's; it is hard to push your rules onto others sometimes, for many reasons.

    Besides, what happens once the VPN isn't being used? The risks you cite can
    still happen to the box while offline from the VPN, then expose your network to
    them once they connect again. What controls do you have then for their home
    LAN?

    VPN segments should be firewalled as well in my opinion and treated as untrusted
    inside the work network.
     
    John Smith, Dec 4, 2003
    #4
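
The posts above describe two ways a dual-NIC VPN client ends up connected to both networks at once: an IP route that bypasses the tunnel, and a non-IP protocol such as IPX bound to a physical NIC. As an added example that is not part of the thread, here is a posture check an administrator could run for both; the interface names, the 203.0.113.10 concentrator address and the sample host state are constructed assumptions.

```python
import ipaddress

# Constructed host state; interface names and the concentrator address
# (203.0.113.10, a documentation address) are assumptions for illustration.
VPN_IF = "vpn0"
VPN_PEER = ipaddress.ip_address("203.0.113.10")

FULL_TUNNEL_ROUTES = [
    ("0.0.0.0/0", "vpn0"),
    ("203.0.113.10/32", "eth0"),  # encrypted transport to the concentrator
    ("127.0.0.0/8", "lo"),
]
# Second NIC keeps an on-link route to the 192.168.0.x home LAN.
DUAL_NIC_ROUTES = FULL_TUNNEL_ROUTES + [("192.168.0.0/24", "eth1")]

IP_ONLY = {"eth0": ["tcpip"], "vpn0": ["tcpip"]}
WITH_IPX = {"eth0": ["tcpip"], "eth1": ["ipx"], "vpn0": ["tcpip"]}

def route_findings(routes, vpn_if=VPN_IF, vpn_peer=VPN_PEER):
    """IP routes that let traffic leave the host outside the tunnel."""
    out = []
    for dest, iface in routes:
        net = ipaddress.ip_network(dest)
        if iface == vpn_if or net.is_loopback:
            continue
        # The only expected non-VPN route is the host route to the VPN peer.
        if net.prefixlen == net.max_prefixlen and net.network_address == vpn_peer:
            continue
        out.append(f"route {net} via {iface} bypasses the tunnel")
    return out

def binding_findings(bindings, vpn_if=VPN_IF):
    """Non-IP protocols on physical NICs; a routing-table check never sees them."""
    return [
        f"{proto} bound to {iface} is outside IP-level VPN policy"
        for iface, protos in sorted(bindings.items())
        if iface != vpn_if
        for proto in protos
        if proto != "tcpip"
    ]

def audit(routes, bindings):
    return route_findings(routes) + binding_findings(bindings)

if __name__ == "__main__":
    for line in audit(DUAL_NIC_ROUTES, WITH_IPX):
        print(line)
```
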