As opposed to the Nortel Extranet client (which allows local and VPN network
access), the Cisco (née Altiga) client completely binds the interface when
the tunnel is up. I experimented with this particular problem in December
for the same capability (access to local and remote-over-VPN servers), and
Cisco at the time said that 'split tunnelling' would be a future feature.
(We therefore went with the Nortel Extranet solution.) They may have changed
their position, but the client was not written to support that function.

I use the Extranet client for remote access to my corporate network now, and
I'm glad that the split tunnelling is enabled - allows me to read my work
email and access work servers, with direct access to the Internet (small
improvement in latency when compared to going through my Corporate net, and
probably a 'bandwidth savings' - if no split tunnel, my Internet traffic
would hit our Corporate Internet Access connection 4 times...one inbound
request, one outbound request, one inbound response, one outbound response).
Our CorpNet folks are going to start providing personal firewall software
for us, though, exactly for the security reason mentioned below.

----- Original Message -----
From: "Chuck Larrieu" 
To: 
Sent: Thursday, September 13, 2001 2:57 PM
Subject: RE: Cisco VPN Client [7:19858]


> sounds like a split tunnel issue. I believe split tunneling is turned off by
> default.
>
> if this is the case, here is the explanation:
>
> the model for VPN is a user station connecting to a corporate network
> through the internet. There is an issue with having an open internet net
> connection on  a remote user machine while connected via a VPN to the Corp
> net. the user machine can be compromised by an internet hacker, who then has
> access to corporate through the user connection.
>
> split tunnel is the term for this situation - having an open connection to
> the local internet at the same time one has a secure connection via a VPN
> tunnel. Because this is considered a real security risk, most VPN client
> software turns this feature off by default.
>
> you should be able to find the required settings in the config guide, so you
> can permit split tunneling.
>
> although I gotta say, if I understand you correctly, you would be opening up
> your server to compromise from the internet. why not do the VPN tunnel
> through an edge device, like a router? Site to site VPN?
>
> HTH
>
> Chuck
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> George Kallingal
> Sent: Thursday, September 13, 2001 2:31 PM
> To: [EMAIL PROTECTED]
> Subject: Cisco VPN Client [7:19858]
>
>
> I have a question about the Cisco VPN Client software and how it binds its
> driver to a network card.
>
> We have an NT server that we are connecting to a remote network using the
> Cisco VPN Client (to a Concentrator 3000, I believe).  Upon connection
> through the VPN, I lose connectivity to the other servers on the local
> network.  Is there a way to maintain the local area connection while
> connected over VPN?  I tried to multi-home the server and unbind the DNE
> driver for one network card, but that just disabled the network card.
>
> Has anyone experienced this before?  Are there any workarounds? Fixes?  Or
> does this require a call to Cisco TAC?
>
> Thanks.
>
> George

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19882&t=19858
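
The routing behaviour discussed in this thread, as an added example that is not part of the original messages and not code from either vendor's client: it resolves which interface a packet leaves on under a full tunnel, a split tunnel, and a tunnel that exempts only the local subnet, then flags the condition Chuck describes (an open Internet path alongside the tunnel). Interface names, prefixes and addresses are constructed, and modelling the client as a plain route table is a simplifying assumption.

```python
import ipaddress

VPN_IF, LAN_IF = "vpn0", "eth0"  # hypothetical adapter names

# Constructed route tables as (prefix, interface) pairs, one per tunnel mode.
FULL_TUNNEL = [("0.0.0.0/0", VPN_IF)]
SPLIT_TUNNEL = [("0.0.0.0/0", LAN_IF), ("192.168.1.0/24", LAN_IF),
                ("10.0.0.0/8", VPN_IF)]
LAN_ONLY = [("0.0.0.0/0", VPN_IF), ("192.168.1.0/24", LAN_IF)]

# Constructed destinations: a server on the local LAN, a corporate server
# behind the concentrator, and an Internet host (documentation address).
DESTS = {"local": "192.168.1.20", "corp": "10.1.2.3", "internet": "198.51.100.7"}


def egress(routes, dst):
    """Longest-prefix match: interface a packet to dst leaves on, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifc in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best[1] if best else None


def paths(routes):
    """Map each sample destination to the interface it would use."""
    return {name: egress(routes, dst) for name, dst in DESTS.items()}


def internet_open_alongside_tunnel(routes):
    """True when corporate traffic is tunnelled while Internet traffic
    bypasses the tunnel, i.e. the host bridges both networks."""
    p = paths(routes)
    return p["corp"] == VPN_IF and p["internet"] not in (None, VPN_IF)


if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL),
                        ("split tunnel", SPLIT_TUNNEL),
                        ("local subnet exempt", LAN_ONLY)):
        print(f"{name:20} {paths(table)} "
              f"open_internet={internet_open_alongside_tunnel(table)}")
```

In the full-tunnel table the local server resolves to the tunnel interface, which matches the loss of local connectivity George reports.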