VPN?

Discussion in 'Networking & Security' started by heavenlykid, Jun 16, 2008.

  1. heavenlykid

    If my VPN assigns me a 172. addy even though my other PCs on that network are on 10. addys, will I still be able to file share with them?
     
  2. StarTrek4U

    Maybe, it depends on how your network is configured. If you have routing between the two networks then yes, if not, then no. For a better answer a diagram of some sort will probably be required.
     
  3. heavenlykid

    How do I post a diagram?
     
  4. Captain Colonoscopy

    Make a diagram, save it as a picture like jpg or png. Upload it to one of many free picture hosting sites, like ImageShack, post a link in this post. :D

    Depending on how the VPN is set up you will either be allowed local LAN access or not. Doesn't really depend on what your IP address is. Have you asked your network admin? ;)
     
  5. heavenlykid

    I am the admin. LoL. First time I've ever had to deal with a VPN one on one. And yes, I'm still green.
     
  6. Rabidfox

    Yes, you will. Do a "route print" at the cmd and check out the routes; those were injected by the VPN client and define "interesting traffic" that's routed to your VPN adapter IP (virtual) and then put into the tunnel (with UDP headers slapped around the ESP packet, usually). If they have the 10.x.x.x networks you need then you should be able to reach them.
     
  7. StarTrek4U

    Sounds like trouble... ;)

    What devices are you using? Is this a site-to-site VPN or a client VPN? I'm going to assume (and we all know what happens next) that as an admin you have a Visio or some other diagram of your network so you can help us help you.

    At the very least a more detailed explanation of what you have going on and what you're trying to accomplish will be required.
     
  8. heavenlykid

    Yes, I do have a Visio doc but I do not want to post it on here. A lot of confidential info on it. OK, all I want the VPN for is so I can connect my laptop back into the network if something goes down. More or less I wanna be able to remote login to my entire network. If I VPN then I can remote desktop to any PC inside my network, at least that is my understanding. Correct me if I'm wrong.
     
  9. StarTrek4U

    Then all I can say is yes, it should work. It really depends on a number of factors; however, what you are proposing is possible.
     
  10. Rabidfox

    What type of tunnel is it, client or L2L? If it's a client tunnel, and you're running Windows, go to the command prompt and type "route print" and see if the boxes you're trying to connect to are contained in the networks that are routing to your virtual VPN interface. You can't ask general questions like "can I get to box X from box Y?" without sharing some details or even hinting at them.

    If it's in *nix, type in "netstat -nrv" and see which networks are going to your virtual VPN interface.

    If all that's too tough, look into sales or marketing, I hear they need people....


    StarTrek4U:

    This kid's in real trouble....
     
  11. StarTrek4U

    I'm forced to agree.

    To the OP: It really sounds like you need to get a better understanding of routing and firewalling before you go any further. My worry is that when you go to set this up you will either end up bringing everything down or leaving your perimeter very exposed (intentionally or not) leaving you holding the bag on a bigger problem than when you started. If you're the lone admin for this company, get them to send you to some training or at least reimburse you for the cost of self-training materials and testing. Network+ or a CCNA might be a good place to start or an entry-level cert for whatever brand devices you use. At the very least get a decent consultant (b/c there are a ton of crappy ones) to come in and help you out with this.
     
  12. heavenlykid

     
  13. Gott

    If you have a firewall rule that allows the 172.16.0.0 subnet to reach the 10.0.0.0 subnet then yes it is possible.

    Are you setting up this VPN for work or for your home?
     
  14. StarTrek4U

    Yes if you have the following configured:
    • Routing between the two networks on any devices that do routing in your environment
    • Firewall Rules to allow traffic between the networks (as was previously stated)
    • You know how to pass the appropriate credentials to the machines you are trying to connect to (either AD, Workgroup, etc)

    Good Luck
     
  15. heavenlykid

    Sweet, thanks for the help!! It works.
     
  16. Rabidfox

    The routes are injected by the split tunnel access-list. Without specifics we can't help you. Specifics like VPN configuration, or just connecting to the VPN and checking your routing table, the ACL on the outside, like StarTrek4U mentioned. There are quite a few different ways of doing things; you lack any pertinent details. The IPs only matter if you give us the rules/configs/whatever for what you're connecting to.
     
  17. berky

    I think he's basically asking if his setup has split tunneling or full tunneling, which none of us can answer.


    If I understand him correctly, there's no routing between the two networks. The VPN 172 address is a new adapter (basically a virtual NIC), and only traffic meant to go across the VPN will go there. Anything else will use your default gateway or locally connected 10 network adapter. That's assuming split tunneling. If you are set up for full tunneling, then EVERYTHING will go across the VPN connection, and you will not be able to access any local shares, email, hosts, etc.
     
  18. Rabidfox

    Well, you can get internet access while being fully tunnelled if you set it up right. Not local stuff, but everything else.
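
The "route print" check from Rabidfox's posts and the split versus full tunneling distinction berky describes, as an added example that is not part of the thread: it parses route-table rows and reports which adapter carries traffic to a given host. The route tables, the addresses 192.168.1.50 (physical NIC) and 172.16.5.20 (VPN adapter), and the test destination 203.0.113.10 are constructed assumptions.

```python
import ipaddress

VPN_IP = "172.16.5.20"  # assumed address of the virtual VPN adapter
# Constructed "route print" rows (not from the thread); 192.168.1.50 is the
# assumed physical NIC. Split tunnel: only 10.0.0.0/8 points at the VPN.
SPLIT_TUNNEL = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50      25
         10.0.0.0        255.0.0.0       172.16.5.1     172.16.5.20       1
       172.16.5.0    255.255.255.0      172.16.5.20     172.16.5.20       1
      192.168.1.0    255.255.255.0     192.168.1.50    192.168.1.50      25
"""
# Full tunnel: the client adds a default route via the VPN with a lower metric.
FULL_TUNNEL = SPLIT_TUNNEL + "0.0.0.0  0.0.0.0  172.16.5.1  172.16.5.20  1\n"

def parse_routes(text):
    """Return (network, interface, metric) for every IPv4 route row."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue  # header, separator or blank line
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
            routes.append((net, ipaddress.ip_address(cols[3]), int(cols[4])))
        except ValueError:
            continue  # five columns but not a route row
    return routes

def egress_interface(routes, dest):
    """Longest-prefix match, lowest metric as tie-breaker; None if no route."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return str(best[1])

def tunnel_mode(routes, vpn_ip=VPN_IP):
    """'full' if traffic to an outside host leaves via the VPN adapter."""
    outside = "203.0.113.10"  # documentation-range address used as a probe
    return "full" if egress_interface(routes, outside) == vpn_ip else "split"

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        routes = parse_routes(table)
        print(name, "10.1.2.3 ->", egress_interface(routes, "10.1.2.3"),
              "| mode:", tunnel_mode(routes))
```

A 10.x host is reachable over the tunnel only when a route covering it lists the VPN adapter as its interface; routing alone does not bypass the firewall rules mentioned earlier in the thread.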