
Corp VPN User Question about VPN and Public IP use.


bigfanboy

Technical User
Apr 2, 2007
2
US
Simple common question I am sure.

I am a reasonably savvy user but cannot figure this out.

I am a remote user for my company. So I must be on my VPN client much of the day to send/receive email and such. The problem is it seems as soon as I VPN, ALL IP communication goes through my VPN client IP rather than knowing that much of the traffic should use my public IP. And of course my corp Firewall blocks many of my tools, if you can call ICQ/MSN/etc as work tools.

Is this just how this works? I have run into this issue in the past and just worked with it. But I figured I would do some research and see if I can get around this issue. It makes sense to me that there should be some way for me to set up my laptop so that only certain IP requests go through my VPN Virtual NIC with its client IP and tunnel, and all others use my physical NIC with its public IP (or not so public when I am on my Home Office DSL).

Any thoughts help etc?

Thanks

Big
 
It's called split tunneling. It is controlled by the headend VPN device that you are connecting to. The admin there would have to allow it. Although you might be able to install another NIC that does not have the VPN client/mini-firewall bound to it, you will have to mess with the routing tables and such.



Brent
Systems Engineer / Consultant
CCNP, CCSP
 
So basically I cannot be on VPN if I want to be able to use tools that are stopped by the firewall?

It makes no sense to me that I am not in control of where my outbound traffic goes just because I am using a VPN client.

Bah

Thanks for the response though. :)
 
In short, yes.

They may argue that it helps with virus protection, but that is not really true. However, bots, trojans, and the like can be a big security risk.

It provides a way into their network and they should take every precaution to keep it secure. You wouldn't want your SS# and bank info to get out because someone got a trojan through ICQ and compromised a server.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
If you use standard windows vpn, you can enable split tunneling. This way you'll use your own gateway/router and you'll have little trouble using your work tools ;-)

Go to the properties of your vpn connection, network - select TCP/IP properties and take advanced. Here you'll find the option to use the host gateway.

Nick
 
Generally the windows vpn connection must be allowed on the headend device as it also uses L2TP. Without that part in their config, it won't work. I know on a pix that it requires specific tunnels to be set up for it.

That aside, this is probably the part people should be concerned with most -
Circumventing company policies can get you fired. I have had to recommend it on a few occasions. If you signed a terms of use of equipment or internet for your company then you are bound by those terms.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
If I were you I would be very careful about enabling split-tunnelling.
Using a VPN basically puts your computer inside the company's network security.
By enabling split-tunnelling, you have just opened an unsecure back door to the company network.
If something bad happened because of that... well it wouldn't be pretty.

MCSE CCNA CCDA
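
An added example, not part of the original thread: a small audit check that reads a client's routing table and reports whether it is full-tunnelled or split-tunnelled, using the same longest-prefix and metric rules an IP stack applies. The sample tables, the interface names `vpn` and `physical`, and the 10.0.0.0/8 corporate range are constructed assumptions.

```python
import ipaddress

# Constructed sample routing tables (not from the thread). Each entry is
# (destination prefix, outgoing interface, metric). Interface names and the
# 10.0.0.0/8 corporate range are assumptions for illustration.
FULL_TUNNEL = [
    ("0.0.0.0/0", "vpn", 1),         # default route installed by the VPN client
    ("0.0.0.0/0", "physical", 25),   # original default route, now outranked
    ("192.168.1.0/24", "physical", 25),
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "physical", 25),   # internet traffic stays on the local NIC
    ("10.0.0.0/8", "vpn", 1),        # only corporate prefixes use the tunnel
    ("192.168.1.0/24", "physical", 25),
]

def egress_interface(routes, dest):
    """Pick a route as an IP stack does: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = [
        (ipaddress.ip_network(prefix), iface, metric)
        for prefix, iface, metric in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not candidates:
        return None  # no route to host
    best = max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]

def tunnel_mode(routes, vpn_iface="vpn"):
    """Classify a routing table as 'full', 'split' or 'no-vpn'."""
    if not any(iface == vpn_iface for _, iface, _ in routes):
        return "no-vpn"
    # One public probe in each half of the IPv4 space, so a pair of /1
    # override routes is treated the same as a single default route.
    probes = ["1.1.1.1", "203.0.113.10"]
    via_vpn = [egress_interface(routes, p) == vpn_iface for p in probes]
    return "full" if all(via_vpn) else "split"

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, "->", tunnel_mode(table),
              "| internet via", egress_interface(table, "203.0.113.10"))
```
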
 