Connect to VPN and local network simultaneously?

[jad73]

We are using the nortel extranet client to VPN into our host company to close w/o and such. While we are connected to them, we cant connect to our local databases to reliquish our inventory. Is there any way that I can connect to both simultaneously... Any way at all that I can do it from this location?

Thanks,

Jamie

 

[Crutcher]

You have to implement what is called split tunneling.

Go into your networking props for the VPN and deep within the settings you will find a check box that says "use default gateway on remote network." uncheck the box and it "should" work fine.

Good luck,
Joe Crutcher

 

[jad73]

I'm using nortel EAC 2.6, I cant find that option anywhere.

 

[ChicagoTechNet]

you may want to edit the routing table. for example, make sure 0.0.0.0 point to the Internet routre and network ip like 192.168.0.0 point to the network router. For more information, go to

http://www25.brinkster.com/ChicagoTech

Robert Lin, MS-MVP, MCSE & CNE
Windows, Network and How to at

http://www25.brinkster.com/ChicagoTech

 

[jad73]

Well, lets see, maybe i didnt make myself very clear.

The office we are at now has a small local area network, probably about 30 or so computers. We do work for another company and in order to close the work orders we do, we have to dedicate 4 computers to connect via VPN to their corporate headquarters. The only problem is that, the girls that close the work orders also need to remove inventory add add data to our local network, for our records. Currently I have made replicas of the database on each machine and we synchronize with the master at the end of the night. Its just been a pain in the ass and by doing it that way we can never see what is going on real time. The only alternative is to have the girls take the calls and then pass the info on to someone else who isnt on the vpn to enter the data, but then you are doing things twice and utilizing another person that could be doing something else. My hopes were to somehow find a way to make those 4 computers be on the VPN and have access to our local intranet site at the same time. There must be a way. I cant change any settings that are on the remote site and they wont change anything do to security issues or whatever.

Any ideas... anyone...

 

[1911man]

Jad,

I feel your pain. If the company you are VPNing into would setup Split Tunneling on their switch, you could do it. Without split tunneling, when you connect to them it creates 1 tunnel and basically wont let you see out, even on your local side. I'll be honest. I don't know what else you could do.
Maybe try adding an additional network card into those systems and see if that works. That way you will have one tunneled and the other on your local LAN.
Good Luck

 

[jad73]

I've thought of that, wasnt sure if it'd work? Has anyone tried it and had success?

 

[rustyknutz]

Like 1911man said, split tunneling is really the only way to easily do this. What's happening is that the Nortel Client is really a shim under the network layer (IP) and any IP communications that is bound to a given adapter will receive it's routing table info from the far end switch. If you were to use another adapter, (I think I played around with this before)what I remember happening is that the new routing table info gets written after you connect to the switch. If you try and modify the routing table afterward, the client spits up a message saying that modification of the routing table is not allowed. You could use a branch office tunnel if you had another contivity on your site. This would eliminate the problem as easily as split tunneling.

 

[sclifford]

Jamie,

First, you're a programmer for ann HSP that does installation fulfillment for [satellite television company]. So am I.

Second, I've jumped through the hoops you're jumping through right now including capturing work orders, inventory management, route sheets, etc. I also use ASP for development.

That said, let me address this specific problem.

Yes, you can be logged in to the VPN and connect to your local network simultaneously. The two-network-card trick will not work. What happens is that both network cards will be assigned IPs by the VPN. However, you can bypass this by installing another network protocol such as IPX/SPX. You can still use mapped drives and whatnot, but you will not be able to print to network printers over TCP/IP, etc.

Put IPX/SPX on a test box, then a target box. Log into the VPN on the test box, then try to connect to a share on the target box: e.g. in the Windows Explorer address window put \\TARGET_BOX_NAME\SHARE_NAME then press enter. Viola!

Now your folks can use your internal database to decrement receivers from inventory. However, there are easier ways of doing that, some 48 hours delayed (CFH_DAILY reports) and others near-real-time (which I won't go into on this forum) that won't require data entry by your call center folks.

Good luck,

Sean Clifford

 

[jad73]

I love you man...lol

Jamie

 

[jad73]

What did you guys do to capture the work orders? We currently have a full time data entry person entering them in by hand.. At 350+ work orders a day, that gets a bit time consuming...hehe, glad im not the one doing it

 

[sclifford]

Actually, you know that Java applet we all love and enjoy? I screen scrape data from that and cram it into our database. Our volume is about 1250 per day. It's not perfected yet, but I'm zeroing in on it.

 

[jad73]

BTW, adding the protocols worked Now I just need to figure out the Java applet thing... are you typing in each work order # and then screen scraping the screen? What are you using for software?

 

[sclifford]

I wrote a custom application to ride on top of the Java applet, issue commands, and scrape the screen - all five screens for each work order. [The satellite TV company] doesn't really like this solution, but we don't have an alternative other than have 1,000 monkeys at 1,000 typewriters doing data entry by hand - and making errors - or copy & pasting. Double-entry of data sucks.

Email me at webmaster@comm-craft.com and we can discuss it further since we're getting into HSP-only territory. I'll be tied up today on conference calls and urgent coding, so you probably won't get a reply until Thursday.

For the other folks monitoring this forum what we're talking about is how to extract data from a Java applet that back-ends to a 3270 box when we have no data export function in the application (not even printing in most cases). Screen scraping seems to be the only solution - the datastream is encrypted.

 

[onepair]

Install NetBEUI, it is not routeable and the VPN can't
see it. Works for winders anyways, but slow initiaiting
the connection. What I now do:

Made a new subnet for the VPN , complete with installing
second nic and all. (CISO) Went in and unchecked the
Determisc thingy from the LOCAL lan card and left the
other card alone. Then I made a catchall route:
route add 0.0.0.0 mask 0.0.0.0 GATEWAY (LOCAL)
then I add a route to the VPN gateway and to each of the
servers I need to connect to. Works very well. I have
internet, email and whatever I want.
Make sure you have a dif gateway for each device.. easier
and cleaner.. I get a little wait state, sometimes..but for
the most part it works well. Forget trying to split tunnel
or anything else.. This way they never see the local traffic
attempts accross the VPN.

If they can make it..I can break into it. 8)