Can I use VPN and direct connect at the same time?

[monoceros144]

I have a direct connection to the internet, and then a VPN connection. The VPN is required for some applications, but using the web is substantially slower while the VPN is enabled.

Would there be a way to let only SOME TCP/IP go through the VPN, while others did not? For example-- could I set it up so that Internet Explorer always goes through the VPN, but Firefox does not?

 

[burtsbees]

No---just to use the local or remote gateway, so that you can connect to the VPN and still use the local machine to connect to the internet, and this depends on the vpn client you use (I know how to do this in Windows)---as far as I know, it cannot be browser specific, unless you utilize routemaps and access-lists in a Cisco router that block/allow certain ports in certain situations (tunnel versus non-tunnel, regular traffic), and if you therefor would be able to set each browser to use separate tcp ports (I am not sure of this).

Burt

 

[monoceros144]

I'm definitely could control which port. Since I control the work server (which has to be accessed over the VPN), I could set it whatever port I want.

So, if there were some way to say "Send port X through the VPN, but send everything else through the direct connect"-- that would work.

Is there a way to do that though?

 

[burtsbees]

NAT/PAT with a static assignment to the web server, or whatever box you want to use a specific port.

Burt

 

[monoceros144]

NAT/PAT w/ static assignment won't work because that servers IPs will change often.

is there any way I can just say everything with port X go through VPN?

 

[burtsbees]

Yes! Static NAT!

Burt

 

[monoceros144]

Burt--

I'm sorry to be dense-- how do I set up such a static NAT within XP? Do I need to install some sort special Administrative Tool?

 

[brianinms]

What sort of VPN client are you using?

 

[monoceros144]

I'm using the Windows XP VPN client

 

[monoceros144]

IT seems like the Routing and Remote Access control panel might be a place to look, but I don't have it since I'm XP and not Server 2003. I instead the Server 2003 admin tools, but apparently the RRAS control panel isn't among them.

 

[burtsbees]

NAT is set in the router/gateway device...what is doing the routing at the edge?

Burt

 

[monoceros144]

Let's assume that it's a direct connection-- Cablemodem plugged into ethernet. Just a computer, and a XP,

I do have a Linksys WRT54G and a Xincom DP6402 lying around if those would help.

--

thank you so much for helping me-- I'm usually really good at solving these sorts of puzzles, but this one doesn't seem to be clicking for me.

I've learned that Linux's Netfilter/iptables supposedly can do this, so if nothing else, I go that route maybe. But an XP solution would be better.

 

[gbaughma]

Couldn't you do that with a static route?

Assuming that the system that he is VPN-ing into is on one subnet, and the rest of the Internet ISN'T...

Wouldn't he be able to set up a route so that
"Any traffic to 192.168.1.* goes to {VPN NETWORK}"
"Everything else goes through {local gateway}"

??



Just my 2¢
-Cole's Law: Shredded cabbage

--Greg

http://parallel.tzo.com