VPN shuts down networking

Status
Not open for further replies.
Aug 2, 2001
5,203
US
I can use my Cisco 3000 VPN to tunnel into my remote site, but then it shuts down all other networking functions. I can't connect to another site or send and receive e-mail. I've sent an e-mail to Cisco, but I thought I'd throw this out here. The consultant that configured it for us said it was for security reasons. I'm not sure I buy that.

Glen A. Johnson
Johnson Computer Consulting
MCP W2K
glen@johnsoncomputers.us

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884
"Doubt is not a pleasant condition, but certainty is an absurd one."
Voltaire -born Francois-Marie Arouet- (1694-1778); French writer.
 
Can you explain how your connection is set up? You have a 3000 Concentrator on your side; what is it that you have on the other side and are using? When you say you cannot access, which network is that?

Cheers,
Rajesh
 
The consultant is correct that this is a feature that is put in place to reduce the security risk.

Network security defaults to the weakest point on the network. When you create a VPN connection, you effectively become part of the server's network. Anything or anyone that has access to your computer potentially has access to the same server side resources that you do.

If your computer is properly secured otherwise, it's not a problem. Problem is, the consultant doesn't have control over your computer, so the security risk flag is thrown to cover his or her backside.

Having said that, it shouldn't be the consultant's call. The risks should be explained to the powers that be (in a little more detail), but in the end the decision should rest with the customer, not the consultant.

There are really two ways around the problem. It is possible to route internet access through the corporate firewall while you are connected to the VPN. The obvious downside is the use of bandwidth: anything that you would pull through the internet would use twice the actual bandwidth, once on the way to the corporate firewall, then again on the way through the VPN to your computer.

The second way would be to use a version of the client that doesn't force all traffic through the VPN. Cisco allows for several options to be configured before the client is distributed to users and that is one of them.

Generally, I wouldn't say you were given the wrong answer, just presented in the wrong way.
 
GlenJohnson, the contractor is correct that this is done for security reasons. But you can do something called "Split-Tunnel", which will allow you to access resources on both ends (VPN resources and local resources). You can check this out on Cisco's website:
I'm sure people will not advise this unless it is quite necessary. Again, due to security reasons. Hope this is what you are asking. Hope this helps.
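
An added example, not part of any post in this thread: a small audit script that tells the tunnel-all behaviour discussed above apart from split tunnelling by checking which interface traffic would leave through. The route tables, interface addresses and corporate prefix are constructed samples, and it assumes the routing table reflects what the VPN client actually enforces.

```python
import ipaddress

# Constructed `route print`-style rows: destination, netmask, gateway, interface, metric.
FULL_TUNNEL = """\
0.0.0.0      0.0.0.0        192.168.1.1   192.168.1.50  25
0.0.0.0      128.0.0.0      10.8.0.1      10.8.0.6      1
128.0.0.0    128.0.0.0      10.8.0.1      10.8.0.6      1
192.168.1.0  255.255.255.0  192.168.1.50  192.168.1.50  25
"""
SPLIT_TUNNEL = """\
0.0.0.0      0.0.0.0        192.168.1.1   192.168.1.50  25
10.20.0.0    255.255.0.0    10.8.0.1      10.8.0.6      1
192.168.1.0  255.255.255.0  192.168.1.50  192.168.1.50  25
"""

def parse_routes(text):
    """Return (network, interface, metric) tuples; skip headers and junk rows."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, _gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, ipaddress.ip_address(iface), int(metric)))
        except ValueError:
            continue
    return routes

def egress_interface(routes, dest):
    """Longest-prefix match; the lowest metric breaks ties."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def tunnel_mode(text, vpn_iface, corp_host, internet_hosts):
    """Classify the table as 'full', 'split' or 'none' (tunnel not in use)."""
    routes = parse_routes(text)
    vpn = ipaddress.ip_address(vpn_iface)
    if egress_interface(routes, corp_host) != vpn:
        return "none"  # corporate traffic is not using the tunnel at all
    via_vpn = [egress_interface(routes, h) == vpn for h in internet_hosts]
    # Any internet destination that bypasses the tunnel means split tunnelling.
    return "full" if all(via_vpn) else "split"
```

The first sample also covers clients that override the default route with two /1 routes instead of replacing it, which a check for a single 0.0.0.0/0 entry would miss.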
 