Unsolvable problem??

M

Mmartin

n00b
Joined
Feb 12, 2006
Messages
4
First let me say that I am not trying to break through security or violate some kind of company policy.

Here is the problem we have a program here at work that we use, and when you open this program it connects to our contractor via a VPN, we where told that this VPN tunnels (?) to the server. That’s fine I guess, but when it does this it creates a problem for us.

Before you open this program you have access to any network resource you need, network printer, shared drives, e-mail, internet, etc; after you open the program you can no longer access any network resource.

We are trying to setup some kind of way that can have a local file sharing network while this program is on, so we can print and access information from an access database over a network. It is a small group of PC's 10-20 that would need to be set up on this. We don’t need internet access or anything just a local file sharing network.

Using ipconfig you can see that once the program is open it changes the DNS suffix, subnet mask, and the IP address. Thus kicking us off our network and linking to theirs.

Since this is a program we use to connect to our contractor and it was provided by the contractor we are not able to make changes to the program.

What we have already tried unsuccessfully is setting up a second NIC card in the PC with a local router, hoping to basically have a peer-to-peer network on the second card. At first it looked like it would was going to work, with program not running the router and the NIC card were communicating, but as soon the program (and thus the VPN) were started the second NIC card and router could no longer see each other. The second NIC cards address stayed the same as before the program was started but you could no longer ping the router.

Are there any ideas on what could be set up so that we could have this local File sharing network when the VPN is up?

Any help would very very appreciate.

Thanks
 
Split tunneling needs to be enabled to allow access to local network resources while the VPN is active on the client computer. This would be a setting on the firewall/concentrator the VPN client connects to though.
 
Mmartin said:
First let me say that I am not trying to break through security or violate some kind of company policy
<snip>
Since this is a program we use to connect to our contractor and it was provided by the contractor we are not able to make changes to the program.
<snip>
Any help would very very appreciate.
Click to expand...

Did you actually ask the contractor about it? Maybe I'm crazy but it would seem if it was allowed that this would be a simple fix for them wouldn't it?
 
To enable split tunneling, we would have to request that the contractor to do it?

Is there any other way? It doesn't effect them and they didnt seem to interested in helping us out at all. Other then they said we don't know; that's how it's set up.
 
Mmartin said:
To enable split tunneling, we would have to request that the contractor to do it?

Is there any other way? It doesn't effect them and they didnt seem to interested in helping us out at all. Other then they said we don't know; that's how it's set up.
Click to expand...

Yes, you need to contact the contractor in regards to enabling split tunneling.

Did they have you install VPN software or are they using built in VPN client in Windows?What OS is this?
 
Just login to your firewall and enable it. Not rocket science.
 
Mmartin said:
To enable split tunneling, we would have to request that the contractor to do it?

Is there any other way? It doesn't effect them and they didnt seem to interested in helping us out at all. Other then they said we don't know; that's how it's set up.
Click to expand...

Well if your affraid to ask them, then it dose seem like your trying to get arround something your not sapose to be :confused:
 
Mmartin said:
Is there any other way? It doesn't effect them and they didnt seem to interested in helping us out at all. Other then they said we don't know; that's how it's set up.
Click to expand...

Yes it does affect them. It opens up their network to anyone who has access to your network.
 
Yes we did ask them and they blew us off, I understand that split-tunneling would effect them because then they would be vunerable, which is probably why they didn't want to help and acted like they has no idea what they could do to help.

SJconsultant we do install Nortel Networks contivity VPN client on our PC (XP pro) and then configure it to connect to the host.

To get them to open up split-tunneling would be like pulling teeth, it would be less expensive to work around it rather then put together a business case for split-tunneling.

Any thing else we can do?

I appreciate all the replies. Thanks for the help.
 
Mmartin said:
To get them to open up split-tunneling would be like pulling teeth, it would be less expensive to work around it rather then put together a business case for split-tunneling.

Any thing else we can do?
Click to expand...

If that is the way they have their network setup there is literally nothing you can do since the client software (which is in their control) ultimately is what "disconnects" the workstation from your LAN.

Not to mention I should think they have a clause somewhere in their contract or usage agreement that specifically prohibits attempting to "work around" any security they have in place.
 
I guess you guys are right.

I will start building a business case to have them open it up a little bit.

You don't have to tell me how, but is there a way to get around that. I mean is it even possible?
 
Mmartin said:
I guess you guys are right.

I will start building a business case to have them open it up a little bit.

You don't have to tell me how, but is there a way to get around that. I mean is it even possible?
Click to expand...

Nothing is impossible, however it's not allowed to be discussed as per the rules here.
 
You must log in or register to reply here.
Back
Top