VPN and local LAN access with 2 nics

Hello,

Is it possible to configure a VPN client in the PC with 2 nics and
retain local area network access.

My PC has 2 nics connected to one router ( DLINK ) and use 192.168.0.x
ips.
I wanted to configure VPN software to use one card to access corporate
network and the second card to retain acces to my local lan and
network printers.

Corporate lan has disabled split tunnel feature.

I tried once but lost local lan access as soon as VPN connection was
enabled.

Any suggestions?

Thanks
Roman

 

Think outside the TCP/IP box! ;-)

Bind multiple protocols to your Internal NIC (i.e. TCP/IP and IPX).
Setup VPN as normal, it will only control TCP/IP (split tunneling).
Connect to your shares and printers using IPX (remember to specify the frame
type for IPX on each box (autodetection doesn't always work)).

 

:Is it possible to configure a VPN client in the PC with 2 nics and
:retain local area network access.

:My PC has 2 nics connected to one router ( DLINK ) and use 192.168.0.x
:ips.
:I wanted to configure VPN software to use one card to access corporate
:network and the second card to retain acces to my local lan and
:network printers.

:Corporate lan has disabled split tunnel feature.

:I tried once but lost local lan access as soon as VPN connection was
:enabled.

:Any suggestions?

My suggestion would be to politely ask your network admins whether
they would enable split tunnel. If they will not, then my suggestion
would be that you not try to get around the block.

When you allow access to both networks at the same time, through any
mechanism, then your corporate lan becomes vulnerable to whatever
problems exist on the other lan, because viruses, worms, and trojans can
then use your PC as router or relay point. If your security people
have made a design decision to block split tunneling, then you endanger
the corporate network by bypassing their decision, and you risk
the corporate security people finding out and cracking the security
policy.

In some environments, deliberately bypassing a "no split tunnel"
rule would be grounds for immediate firing -and- being assessed the
cost of a thorough network security audit to find out what the impact
of the hole was.

 

All well in good, however split tunneling is only for TCP/IP connectivity. They
would need to publish policies saying no alternate protocols and make that very
clear to the users before any firing would happen.

Not to mention the fact that this box may not even be their employees, but a
partners, hard to push your rules onto others sometimes for many reasons.

Besides, what happens once the VPN isn't being used? The risks you site can
still happen to the box while offline from the VPN, then expose your network too
them once they connect again. What controls do you have then for their home
LAN.

VPN segments should be firewalled as well in my opinion and treated as untrusted
inside the work network.