OT: vpn questions (stops using my internet connection and starts using the gateways?)

Scot L. Harris webid at cfl.rr.com
Fri Jul 23 22:31:29 UTC 2004


On Fri, 2004-07-23 at 17:07, Christopher J. Bottaro wrote:
> my system admin says split tunneling should be enabled.  now i've been
> searching for near half an hour on how to enable split tunneling and split
> dns on the cisco linux vpn client.  any ideas?
> 
> thanks.

I have not used the Cisco software so I don't know how to set it up
there.

In the Check Point SecuRemote I believe options of that type, including
the DNS server IP etc., were actually transferred to the client from the
firewall that accepted the VPN connections.

By doing it that way the admin can ensure their policy is being used.
In this case it could be a security breach if your company's policy said
no split tunneling was permitted and each user could just toggle an
option on their laptop.

If it is enabled, check your routing table (netstat -rn) and your
resolv.conf file to see which DNS entries you are pointing to.  I would
expect you to have a new route in your routing table pointing to your
company's intranet.  It has been a while, but I think SecuRemote wedged
itself in the TCP stack such that it could intercept packets and
redirect them based on its policy, encrypting them as it goes.  If the
policy permits split tunneling it would direct only packets going to the
security domain through the VPN tunnel to your intranet.  All other
packets would be passed on to the TCP stack to be handled as they normally
would.

Now Cisco could be doing this completely differently, but I think all this
stuff has to work in a similar fashion even if the details are a little
different.

You may want to quiz the network admin some more.  

Sorry I can't be of more help.
-- 
Scot L. Harris
webid at cfl.rr.com

COBOL:
	An exercise in Artificial Inelegance. 
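A check along the lines the reply describes, as an added example that is not part of the original post: it classifies `netstat -rn` output as a split tunnel, a full tunnel or no tunnel, and confirms whether resolv.conf points at the resolver pushed by the gateway. The tunnel interface name tun0, the 10.0.0.0/8 intranet prefix and the routing tables shown are constructed assumptions, not captured from a real host.

```shell
#!/bin/sh
# Added example: tell from routing-table output which tunnel mode a VPN
# client has set up. The sample tables and resolv.conf below are
# constructed. Assumptions: the tunnel interface is tun0 and the corporate
# intranet prefix is 10.0.0.0/8; adjust both for your environment.

TUN_IF="${TUN_IF:-tun0}"

# tunnel_mode reads netstat -rn style lines on stdin and prints one of:
#   full  - the default route (0.0.0.0) leaves via the tunnel interface
#   split - only specific prefixes use the tunnel; the default stays local
#   none  - no route uses the tunnel interface at all
tunnel_mode() {
    awk -v ifc="$TUN_IF" '
        $NF == ifc { n++; if ($1 == "0.0.0.0" || $1 == "default") full = 1 }
        END {
            if (n == 0) print "none";
            else if (full) print "full";
            else print "split"
        }'
}

# vpn_dns succeeds when resolv.conf contents on stdin name the
# given nameserver (the corporate resolver the gateway pushed down).
vpn_dns() {
    awk -v ns="$1" '$1 == "nameserver" && $2 == ns { found = 1 } END { exit !found }'
}

# Constructed sample: split tunnel, intranet via tun0, default via eth0.
SPLIT_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.0.0.0       U         0 0          0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0'

# Constructed sample: full tunnel, the default route also goes out tun0.
FULL_TABLE='Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.0.0.0       U         0 0          0 tun0
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0'

SAMPLE_RESOLV='search corp.example
nameserver 10.1.1.53'

# On a live host the same functions take real input: netstat -rn | tunnel_mode
printf '%s\n' "$SPLIT_TABLE" | tunnel_mode    # split
printf '%s\n' "$FULL_TABLE" | tunnel_mode     # full
printf '%s\n' "$SAMPLE_RESOLV" | vpn_dns 10.1.1.53 && echo "corporate resolver in use"
```

If the admin's policy forbids split tunneling, a result of `split` on a connected client is the mismatch worth reporting back to them.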