Re: Cisco VPN Client [7:19858]

2001-09-16 Thread Fly Ers

George,
do you have control of the vpn3000?  the split tunnel list on the 
concentrator should be setup to with only the networks accessible from ipsec 
tunnel.  otherwise, all ip traffic will be sent through the tunnel.


From: George Kallingal 
Reply-To: George Kallingal 
To: [EMAIL PROTECTED]
Subject: Cisco VPN Client [7:19858]
Date: Thu, 13 Sep 2001 17:31:20 -0400

I have a question about the Cisco VPN Client software and how it binds its
driver to a network card.

We have an NT server that we are connecting to a remote network using the
Cisco VPN Client (to a Concentrator 3000, I believe).  Upon connection
through the VPN, I lose connectivity to the other servers on the local
network.  Is there a way to maintain the local area connection while
connected over VPN?  I tried to multi-home the server and unbind the DNE
driver for one network card, but that just disabled the network card.

Has anyone experienced this before?  Are there any workarounds? Fixes?  Or
does this require a call to Cisco TAC?

Thanks.

George
_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20128t=19858
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Cisco VPN Client [7:19858]

2001-09-16 Thread Jeff Smith

I believe you will have to enable split tunneling on the concentrator.  With 
this enabled packets destined for networks defined on the concentrator will 
be encrypted and sent to that gateway, and all others will use local 
routing.

Jeff


From: George Kallingal 
Reply-To: George Kallingal 
To: [EMAIL PROTECTED]
Subject: Cisco VPN Client [7:19858]
Date: Thu, 13 Sep 2001 17:31:20 -0400

I have a question about the Cisco VPN Client software and how it binds its
driver to a network card.

We have an NT server that we are connecting to a remote network using the
Cisco VPN Client (to a Concentrator 3000, I believe).  Upon connection
through the VPN, I lose connectivity to the other servers on the local
network.  Is there a way to maintain the local area connection while
connected over VPN?  I tried to multi-home the server and unbind the DNE
driver for one network card, but that just disabled the network card.

Has anyone experienced this before?  Are there any workarounds? Fixes?  Or
does this require a call to Cisco TAC?

Thanks.

George
_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20139t=19858
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Cisco VPN Client [7:19858]

2001-09-15 Thread RB Jón Eggert Guðmundsson

You point to 
c:\program files\common files\deterministic network\DNE\dne.sys

in stead of c:\i386 when you install the VPN client. This is a known problem
with IBM T20/21 machines.
Regards
Jon Gudmundsson

-Original Message-
From: George Kallingal [mailto:[EMAIL PROTECTED]]
Sent: 13. september 2001 21:31
To: [EMAIL PROTECTED]
Subject: Cisco VPN Client [7:19858]


I have a question about the Cisco VPN Client software and how it binds its
driver to a network card.

We have an NT server that we are connecting to a remote network using the
Cisco VPN Client (to a Concentrator 3000, I believe).  Upon connection
through the VPN, I lose connectivity to the other servers on the local
network.  Is there a way to maintain the local area connection while
connected over VPN?  I tried to multi-home the server and unbind the DNE
driver for one network card, but that just disabled the network card.

Has anyone experienced this before?  Are there any workarounds? Fixes?  Or
does this require a call to Cisco TAC?

Thanks.

George




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=20051t=19858
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Cisco VPN Client [7:19858]

2001-09-13 Thread Chuck Larrieu

sounds like a split tunnel issue. I believe split tunneling is turned off by
default.

if this is the case, here is the explanation:

the model for VPN is a user station connecting to a corporate network
through the internet. There is an issue with having an open internet net
connection on  a remote user machine while connected via a VPN to the Corp
net. the user machine can be compromised by an internet hacker, who then has
access to corporate through the user connection.

split tunnel is the term for this situation - having an open connection to
the local internet at the same time one has a secure connection via a VPN
tunnel. Because this is considered a real security risk, most VPN client
software turns this feature off by default.

you should be able to find the required settings in the config guide, so you
can permit split tunneling.

although I gotta say, if I understand you correctly, you would be opening up
your server to compromise  from the internet. why not do the VPN tunnel
through an edge device, like a router? Site to site VPN?

HTH

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
George Kallingal
Sent: Thursday, September 13, 2001 2:31 PM
To: [EMAIL PROTECTED]
Subject: Cisco VPN Client [7:19858]


I have a question about the Cisco VPN Client software and how it binds its
driver to a network card.

We have an NT server that we are connecting to a remote network using the
Cisco VPN Client (to a Concentrator 3000, I believe).  Upon connection
through the VPN, I lose connectivity to the other servers on the local
network.  Is there a way to maintain the local area connection while
connected over VPN?  I tried to multi-home the server and unbind the DNE
driver for one network card, but that just disabled the network card.

Has anyone experienced this before?  Are there any workarounds? Fixes?  Or
does this require a call to Cisco TAC?

Thanks.

George




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19865t=19858
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Cisco VPN Client [7:19858]

2001-09-13 Thread EA Louie

As opposed to the Nortel Extranet client (which allows local and VPN network
access), the Cisco (nee Altiga) client completely binds the interface when
the tunnel is up.  I experimented with this particular problem in December
for the same capability (access to local and remote-over-VPN servers), and
Cisco at the time said that 'split tunnelling' would be a future feature.
(We therefore went with the Nortel Extranet solution)  They may have changed
their position, but the client was not written to support that function.

I use the Extranet client for remote access to my corporate network now, and
I'm glad that the split tunnelling is enabled - allows me to read my work
email and access work servers, with direct access to the Internet (small
improvement in latency when compared to going through my Corporate net, and
probably a 'bandwidth savings' - if no split tunnel, my Internet traffic
would hit our Corporate Internet Access connection 4 times...one inbound
request, one outbound request, one inbound response, one outbound response).
Our CorpNet folks are going to start providing personal firewall software
for us, though, exactly for the security reason mentioned below.

- Original Message -
From: Chuck Larrieu 
To: 
Sent: Thursday, September 13, 2001 2:57 PM
Subject: RE: Cisco VPN Client [7:19858]


 sounds like a split tunnel issue. I believe split tunneling is turned off
by
 default.

 if this is the case, here is the explanation:

 the model for VPN is a user station connecting to a corporate network
 through the internet. There is an issue with having an open internet net
 connection on  a remote user machine while connected via a VPN to the Corp
 net. the user machine can be compromised by an internet hacker, who then
has
 access to corporate through the user connection.

 split tunnel is the term for this situation - having an open connection to
 the local internet at the same time one has a secure connection via a VPN
 tunnel. Because this is considered a real security risk, most VPN client
 software turns this feature off by default.

 you should be able to find the required settings in the config guide, so
you
 can permit split tunneling.

 although I gotta say, if I understand you correctly, you would be opening
up
 your server to compromise  from the internet. why not do the VPN tunnel
 through an edge device, like a router? Site to site VPN?

 HTH

 Chuck

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 George Kallingal
 Sent: Thursday, September 13, 2001 2:31 PM
 To: [EMAIL PROTECTED]
 Subject: Cisco VPN Client [7:19858]


 I have a question about the Cisco VPN Client software and how it binds its
 driver to a network card.

 We have an NT server that we are connecting to a remote network using the
 Cisco VPN Client (to a Concentrator 3000, I believe).  Upon connection
 through the VPN, I lose connectivity to the other servers on the local
 network.  Is there a way to maintain the local area connection while
 connected over VPN?  I tried to multi-home the server and unbind the DNE
 driver for one network card, but that just disabled the network card.

 Has anyone experienced this before?  Are there any workarounds? Fixes?  Or
 does this require a call to Cisco TAC?

 Thanks.

 George
_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19882t=19858
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Cisco VPN Client [7:19858]

2001-09-13 Thread Jim Bond

Looks like it's a split-tunnel problem. Once you lunch
VPN, all traffic will be encrypted, other local
machines couldn't decrypt the data. You can enable
split-tunnel on 3000, tell it only traffic to your
main office needs to be encrypted.

HTH.

Jim

--- George Kallingal  wrote:
 I have a question about the Cisco VPN Client
 software and how it binds its
 driver to a network card.
 
 We have an NT server that we are connecting to a
 remote network using the
 Cisco VPN Client (to a Concentrator 3000, I
 believe).  Upon connection
 through the VPN, I lose connectivity to the other
 servers on the local
 network.  Is there a way to maintain the local area
 connection while
 connected over VPN?  I tried to multi-home the
 server and unbind the DNE
 driver for one network card, but that just disabled
 the network card.
 
 Has anyone experienced this before?  Are there any
 workarounds? Fixes?  Or
 does this require a call to Cisco TAC?
 
 Thanks.
 
 George
[EMAIL PROTECTED]


__
Do You Yahoo!?
Get email alerts  NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=19883t=19858
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]