Re: Cisco VPN Client [7:19858]
George, do you have control of the vpn3000? the split tunnel list on the concentrator should be setup to with only the networks accessible from ipsec tunnel. otherwise, all ip traffic will be sent through the tunnel. From: George Kallingal Reply-To: George Kallingal To: [EMAIL PROTECTED] Subject: Cisco VPN Client [7:19858] Date: Thu, 13 Sep 2001 17:31:20 -0400 I have a question about the Cisco VPN Client software and how it binds its driver to a network card. We have an NT server that we are connecting to a remote network using the Cisco VPN Client (to a Concentrator 3000, I believe). Upon connection through the VPN, I lose connectivity to the other servers on the local network. Is there a way to maintain the local area connection while connected over VPN? I tried to multi-home the server and unbind the DNE driver for one network card, but that just disabled the network card. Has anyone experienced this before? Are there any workarounds? Fixes? Or does this require a call to Cisco TAC? Thanks. George _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20128t=19858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco VPN Client [7:19858]
I believe you will have to enable split tunneling on the concentrator. With this enabled packets destined for networks defined on the concentrator will be encrypted and sent to that gateway, and all others will use local routing. Jeff From: George Kallingal Reply-To: George Kallingal To: [EMAIL PROTECTED] Subject: Cisco VPN Client [7:19858] Date: Thu, 13 Sep 2001 17:31:20 -0400 I have a question about the Cisco VPN Client software and how it binds its driver to a network card. We have an NT server that we are connecting to a remote network using the Cisco VPN Client (to a Concentrator 3000, I believe). Upon connection through the VPN, I lose connectivity to the other servers on the local network. Is there a way to maintain the local area connection while connected over VPN? I tried to multi-home the server and unbind the DNE driver for one network card, but that just disabled the network card. Has anyone experienced this before? Are there any workarounds? Fixes? Or does this require a call to Cisco TAC? Thanks. George _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20139t=19858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Client [7:19858]
You point to c:\program files\common files\deterministic network\DNE\dne.sys in stead of c:\i386 when you install the VPN client. This is a known problem with IBM T20/21 machines. Regards Jon Gudmundsson -Original Message- From: George Kallingal [mailto:[EMAIL PROTECTED]] Sent: 13. september 2001 21:31 To: [EMAIL PROTECTED] Subject: Cisco VPN Client [7:19858] I have a question about the Cisco VPN Client software and how it binds its driver to a network card. We have an NT server that we are connecting to a remote network using the Cisco VPN Client (to a Concentrator 3000, I believe). Upon connection through the VPN, I lose connectivity to the other servers on the local network. Is there a way to maintain the local area connection while connected over VPN? I tried to multi-home the server and unbind the DNE driver for one network card, but that just disabled the network card. Has anyone experienced this before? Are there any workarounds? Fixes? Or does this require a call to Cisco TAC? Thanks. George Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=20051t=19858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Cisco VPN Client [7:19858]
sounds like a split tunnel issue. I believe split tunneling is turned off by default. if this is the case, here is the explanation: the model for VPN is a user station connecting to a corporate network through the internet. There is an issue with having an open internet net connection on a remote user machine while connected via a VPN to the Corp net. the user machine can be compromised by an internet hacker, who then has access to corporate through the user connection. split tunnel is the term for this situation - having an open connection to the local internet at the same time one has a secure connection via a VPN tunnel. Because this is considered a real security risk, most VPN client software turns this feature off by default. you should be able to find the required settings in the config guide, so you can permit split tunneling. although I gotta say, if I understand you correctly, you would be opening up your server to compromise from the internet. why not do the VPN tunnel through an edge device, like a router? Site to site VPN? HTH Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of George Kallingal Sent: Thursday, September 13, 2001 2:31 PM To: [EMAIL PROTECTED] Subject: Cisco VPN Client [7:19858] I have a question about the Cisco VPN Client software and how it binds its driver to a network card. We have an NT server that we are connecting to a remote network using the Cisco VPN Client (to a Concentrator 3000, I believe). Upon connection through the VPN, I lose connectivity to the other servers on the local network. Is there a way to maintain the local area connection while connected over VPN? I tried to multi-home the server and unbind the DNE driver for one network card, but that just disabled the network card. Has anyone experienced this before? Are there any workarounds? Fixes? Or does this require a call to Cisco TAC? Thanks. George Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19865t=19858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco VPN Client [7:19858]
As opposed to the Nortel Extranet client (which allows local and VPN network access), the Cisco (nee Altiga) client completely binds the interface when the tunnel is up. I experimented with this particular problem in December for the same capability (access to local and remote-over-VPN servers), and Cisco at the time said that 'split tunnelling' would be a future feature. (We therefore went with the Nortel Extranet solution) They may have changed their position, but the client was not written to support that function. I use the Extranet client for remote access to my corporate network now, and I'm glad that the split tunnelling is enabled - allows me to read my work email and access work servers, with direct access to the Internet (small improvement in latency when compared to going through my Corporate net, and probably a 'bandwidth savings' - if no split tunnel, my Internet traffic would hit our Corporate Internet Access connection 4 times...one inbound request, one outbound request, one inbound response, one outbound response). Our CorpNet folks are going to start providing personal firewall software for us, though, exactly for the security reason mentioned below. - Original Message - From: Chuck Larrieu To: Sent: Thursday, September 13, 2001 2:57 PM Subject: RE: Cisco VPN Client [7:19858] sounds like a split tunnel issue. I believe split tunneling is turned off by default. if this is the case, here is the explanation: the model for VPN is a user station connecting to a corporate network through the internet. There is an issue with having an open internet net connection on a remote user machine while connected via a VPN to the Corp net. the user machine can be compromised by an internet hacker, who then has access to corporate through the user connection. split tunnel is the term for this situation - having an open connection to the local internet at the same time one has a secure connection via a VPN tunnel. Because this is considered a real security risk, most VPN client software turns this feature off by default. you should be able to find the required settings in the config guide, so you can permit split tunneling. although I gotta say, if I understand you correctly, you would be opening up your server to compromise from the internet. why not do the VPN tunnel through an edge device, like a router? Site to site VPN? HTH Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of George Kallingal Sent: Thursday, September 13, 2001 2:31 PM To: [EMAIL PROTECTED] Subject: Cisco VPN Client [7:19858] I have a question about the Cisco VPN Client software and how it binds its driver to a network card. We have an NT server that we are connecting to a remote network using the Cisco VPN Client (to a Concentrator 3000, I believe). Upon connection through the VPN, I lose connectivity to the other servers on the local network. Is there a way to maintain the local area connection while connected over VPN? I tried to multi-home the server and unbind the DNE driver for one network card, but that just disabled the network card. Has anyone experienced this before? Are there any workarounds? Fixes? Or does this require a call to Cisco TAC? Thanks. George _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19882t=19858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Cisco VPN Client [7:19858]
Looks like it's a split-tunnel problem. Once you lunch VPN, all traffic will be encrypted, other local machines couldn't decrypt the data. You can enable split-tunnel on 3000, tell it only traffic to your main office needs to be encrypted. HTH. Jim --- George Kallingal wrote: I have a question about the Cisco VPN Client software and how it binds its driver to a network card. We have an NT server that we are connecting to a remote network using the Cisco VPN Client (to a Concentrator 3000, I believe). Upon connection through the VPN, I lose connectivity to the other servers on the local network. Is there a way to maintain the local area connection while connected over VPN? I tried to multi-home the server and unbind the DNE driver for one network card, but that just disabled the network card. Has anyone experienced this before? Are there any workarounds? Fixes? Or does this require a call to Cisco TAC? Thanks. George [EMAIL PROTECTED] __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=19883t=19858 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]