Cisco VPN question


Post by Lueyen » Wed Sep 13, 2006 10:36 am

My office is using Cisco's VPN client to connect to our clients' networks. The problem we have is that once connected to the VPN our workstations are effectively disconnected from our own network and we can only see machines on the client network.

What I'm wondering is if it's possible to be connected to both at once with single NIC cards at each workstation. The biggest problem I see is that in many cases our clients are using the same IP range on their networks that we use on ours, and this would obviously make being on both at once problematic because the workstation would see duplicated IP addresses. I'm willing to renumber our network, but I'm not sure if the disconnect from our network by the VPN client is due to addressing or simply an automatic function of the VPN client itself.
Raymond S. Kraft wrote:The history of the world is the history of civilizational clashes, cultural clashes. All wars are about ideas, ideas about what society and civilization should be like, and the most determined always win.

Those who are willing to be the most ruthless always win. The pacifists always lose, because the anti-pacifists kill them.

Post by Tossica » Wed Sep 13, 2006 10:57 am

There is a setting in the client to allow access to both networks I believe. I don't have the client in front of me but it "should" install a virtual adapter that gets an IP on the remote network and then your NIC should keep its local IP so you can access both networks. You may need to add a route statement as well.

Post by Jay » Wed Sep 13, 2006 11:15 am

Use a Treo to connect to the client network and it'll free up your computer.

Post by Zanchief » Wed Sep 13, 2006 11:17 am

Tossica wrote: There is a setting in the client to allow access to both networks I believe. I don't have the client in front of me but it "should" install a virtual adapter that gets an IP on the remote network and then your NIC should keep its local IP so you can access both networks. You may need to add a route statement as well.


Nerd

Post by Tikker » Wed Sep 13, 2006 11:22 am

Zanchief wrote:
Tossica wrote: There is a setting in the client to allow access to both networks I believe. I don't have the client in front of me but it "should" install a virtual adapter that gets an IP on the remote network and then your NIC should keep its local IP so you can access both networks. You may need to add a route statement as well.


Nerd


oh shit, marketable knowledge, who wants that?

Post by Arlos » Wed Sep 13, 2006 11:23 am

You probably will need to re-number your network, however. Seeing the same IPs at both ends could definitely confuse it, as if it sees a request for, say, "telnet 192.168.1.1", it won't know which adapter to send the request out to.

If you're currently using 192.168, just switch to the 10.xxx.xxx.xxx space, or vice versa. Assuming most of your user computers are all getting their IPs via DHCP, it shouldn't even be that big of a project. Couple hours, tops, after hours one night unless you've got a much bigger setup there than it sounds like.

-Arlos
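The renumbering check discussed in the post above, as an added example that is not part of the original thread: it lists which client ranges collide with the office LAN and picks the first private (RFC 1918) subnet of the same size that collides with none. The client names and address ranges are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private blocks to search when renumbering.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def find_conflicts(office, client_nets):
    """Return {client_name: network} for each client range overlapping the office LAN."""
    office = ipaddress.ip_network(office)
    parsed = {name: ipaddress.ip_network(cidr) for name, cidr in client_nets.items()}
    return {name: net for name, net in parsed.items() if net.overlaps(office)}


def suggest_office_range(office, client_nets, avoid=()):
    """Pick the first private subnet of the office's size that overlaps no client.

    `avoid` lists extra ranges to skip, e.g. ranges reserved for other sites.
    """
    prefixlen = ipaddress.ip_network(office).prefixlen
    taken = [ipaddress.ip_network(c)
             for c in list(client_nets.values()) + list(avoid)]
    for block in PRIVATE_BLOCKS:
        if prefixlen < block.prefixlen:
            continue  # the office LAN is larger than this private block
        for candidate in block.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(t) for t in taken):
                return candidate
    return None  # every private range of this size is already in use


# Constructed sample data: hypothetical client names and ranges.
CLIENTS = {
    "client-a": "192.168.1.0/24",
    "client-b": "10.0.0.0/16",
    "client-c": "172.16.5.0/24",
    "client-d": "192.168.0.0/22",
}
OFFICE = "192.168.1.0/24"

if __name__ == "__main__":
    for name, net in find_conflicts(OFFICE, CLIENTS).items():
        print(f"{name}: {net} overlaps office LAN {OFFICE}")
    print("suggested office range:", suggest_office_range(OFFICE, CLIENTS))
```

Running the check against every client range before choosing the new office range avoids renumbering twice when a later client turns out to use the range that was picked.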

Post by Lueyen » Wed Sep 13, 2006 12:00 pm

Thanks Tossica, even though now I feel like someone looking for their car keys while having them in hand. I did find a client with a different IP range, but noticed after checking the allow local LAN access flag the info about the connection still shows that local LAN is disabled. It might be something I need to have the clients enable server side.

And yea Arlos, the IP renumber is a given, once I get it working with the clients with different IP ranges. I'll probably have to do it after hours so people don't whine, but shouldn't take me too long.

Post by Lueyen » Wed Sep 13, 2006 12:04 pm

Jay wrote: Use a Treo to connect to the client network and it'll free up your computer.


This wouldn't really accomplish my goal which is to be able to send files from another machine on our network to a client machine from any workstation.

Post by Tikker » Wed Sep 13, 2006 1:02 pm

Lueyen wrote:
Jay wrote: Use a Treo to connect to the client network and it'll free up your computer.


This wouldn't really accomplish my goal which is to be able to send files from another machine on our network to a client machine from any workstation.


erm, do you really need vpn then?

it sounds more like you need a ftp server than anything else

Post by Lueyen » Wed Sep 13, 2006 1:11 pm

An FTP server wouldn't really work; this is more for our tech support. We generally use either PC Anywhere or VNC to make direct connections to individual machines to fix problems or physically show the people who call in how to do something. What we do run into is that when we want to look up something on our network (such as source code stored on one of our servers) or send something to them that is not on the workstation we have to disconnect from the VPN and either look up the info or copy the files to the workstation so that they can be sent from the local drive once reconnected.

I did find some information on configuration on Cisco's site that seems to point toward some options that have to be enabled on the host side at our client's location.

Post by Tikker » Wed Sep 13, 2006 1:27 pm

look into WEBEX

Re: Cisco VPN question

Post by ClakarEQ » Wed Sep 27, 2006 9:03 am

Lueyen wrote: My office is using Cisco's VPN client to connect to our clients' networks. The problem we have is that once connected to the VPN our workstations are effectively disconnected from our own network and we can only see machines on the client network.

What I'm wondering is if it's possible to be connected to both at once with single NIC cards at each workstation. The biggest problem I see is that in many cases our clients are using the same IP range on their networks that we use on ours, and this would obviously make being on both at once problematic because the workstation would see duplicated IP addresses. I'm willing to renumber our network, but I'm not sure if the disconnect from our network by the VPN client is due to addressing or simply an automatic function of the VPN client itself.


Not really sure if your question got answered but some food for thought and how I allow this at the company I work at.

For starters, you allowing both networks to be "connected" (i.e. client and your native LAN) means you can become a gateway between the two networks. This can very likely break SLAs or create other problems (e.g. you infect your client network with a virus, cause harm to client network, etc.). They more than likely do NOT want you to be connected to both networks at the same time. If they know what they are doing, you won't be able to "hack" the Cisco VPN client to allow what you're asking. However you could look at other options (add a NIC, etc.) and even this may be thwarted by the Cisco client.

Depending on how the customer configured the Cisco client, it should be stopping all network access while VPN is running to ALL other networks but its own (own meaning the customer network). This is an option via the client config from the server; I doubt you'll be able to adjust much on the Cisco client unless the customers don't know how to use it.

WebEx would be a great option and not all that expensive. We use that and a combo of Citrix to complete tasks like this.
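A simplified model of the server-pushed setting described in the post above, as an added example that is not part of the original thread and not Cisco's code: it evaluates, for each policy, whether a workstation ends up on its own LAN and the client network at the same time. The policy names are borrowed from the Cisco ASA `split-tunnel-policy` keywords (an assumption; the thread does not name them), and all addresses and scenario names are constructed.

```python
import ipaddress


def path_for(dst, policy, networks=()):
    """Return 'tunnel' or 'local' for one destination address.

    policy is the server-pushed setting:
      tunnelall        - all traffic goes into the tunnel
      tunnelspecified  - only `networks` go into the tunnel
      excludespecified - everything except `networks` goes into the tunnel
    """
    addr = ipaddress.ip_address(dst)
    listed = any(addr in ipaddress.ip_network(n) for n in networks)
    if policy == "tunnelall":
        return "tunnel"
    if policy == "tunnelspecified":
        return "tunnel" if listed else "local"
    if policy == "excludespecified":
        return "local" if listed else "tunnel"
    raise ValueError(f"unknown policy: {policy}")


def dual_connected(office_host, client_host, policy, networks=()):
    """True when the office LAN and the client network are reachable at once."""
    return (path_for(office_host, policy, networks) == "local"
            and path_for(client_host, policy, networks) == "tunnel")


# Constructed scenarios: (office server, client PC, policy, network list).
SCENARIOS = {
    "full tunnel": ("10.1.0.20", "192.168.1.50", "tunnelall", ()),
    "local LAN allowed": ("10.1.0.20", "192.168.1.50",
                          "excludespecified", ("10.1.0.0/24",)),
    "split tunnel": ("10.1.0.20", "192.168.1.50",
                     "tunnelspecified", ("192.168.1.0/24",)),
    "split tunnel, same range both ends": ("192.168.1.20", "192.168.1.50",
                                           "tunnelspecified", ("192.168.1.0/24",)),
}


def audit(scenarios=SCENARIOS):
    """Map each scenario name to whether the workstation sits on both networks."""
    return {name: dual_connected(*args) for name, args in scenarios.items()}


if __name__ == "__main__":
    for name, exposed in audit().items():
        print(f"{name:36} on both networks at once: {exposed}")
```

The last scenario is the overlapping-range case raised earlier in the thread: the office server's address matches the tunnelled network, so its traffic goes to the client side and the office LAN stays unreachable.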

