Route "around" VPN Client?

Route "around" VPN Client?

Post by ohay » Wed, 22 Oct 2003 01:14:18


Hi,

I have a home network, using a Netgear RT314 router.

On one of the PCs on this network, I occasionally run the Cisco VPN
Client, for example, so that I can access email from the company that
I work for.

But, whenever I have the VPN Client connection running, I cannot get
to the POP or news server that my normal (Cable) ISP uses. The mail
situation is not so bad, because the ISP has a webmail interface, but
I'd really like to be able to get to the news server while the VPN
client is up

I notice that when the VPN client is running, it creates a 2nd
"virtual" interface, and I'm wondering if maybe the problem is that
when the VPN client is running, all my outgoing traffic is being
routed through that interface (to the company), and then the news
server is not allowing the connection because it appears to be not
coming from the cable company's network?

Is there anyway to configure things so that I can access the news
server while the VPN client is up? Maybe by doing something with the
routing table on my PC?

I am running Win2K Pro.

Thanks in advance!!
 
 
 

Route "around" VPN Client?

Post by Lonewol » Wed, 22 Oct 2003 04:02:18

I think you've correctly figured out what's going on. In order to do what
you wish with the news server a function called split tunneling needs to be
enabled for your connection. That is done on the companies side of the
connection. It may be viewed as a security issue by your company however.

 
 
 

Route "around" VPN Client?

Post by Ohay » Wed, 22 Oct 2003 06:17:50

Lonewolf,

Thanks for your response.

I doubt if I'll be able to get the company to allow this. That's why I
was hoping to find some kind of solution where I could add the routing
on my client PC end.

The 'route' command still shows both the virtual/VPN "interface" and the
physical NIC interface. It seems like I should be able to add a
specific route JUST to the news server's IP address for the NIC
interface, which I'm thinking might cause traffic that is destined for
that one IP address to go out on the interface.

It seems like this is, in principle, similar to having two physical NICs
on one computer.

I just can't figure how to do this...
 
 
 

Route "around" VPN Client?

Post by Achille » Wed, 22 Oct 2003 09:39:41


Sure, you can add a route to the ISP's network. But in all likelihood,
your VPN client software will detect that you are tempering with the
routing table and will immediately drop your VPN connection for security
reason. I have tried this with Nortel Contivity and have every reason
to believe the cisco VPN client works the same way.