VPN?

heavenlykid

Limp Gawd
Joined
Mar 18, 2005
Messages
300
if my vpn asigns me a 172. addy even though my other pcs on that network are on 10. addys will i still be able to file share with them?
 

StarTrek4U

Gawd
Joined
Jan 8, 2003
Messages
1,011
Maybe, it depends on how your network is configured. If you have routing between the two networks then yes, if not, then no. For a better answer a diagram of some sort will probably be required.
 
Joined
Feb 19, 2004
Messages
3,861
make a diagram, save it as a picture like jpg or png. Upload it to one of many free picture hosting sites, like ImageShack, post a link in this post. :D

Depending on how the VPN is setup you will either be allowed local LAN access or not. Doesn't really depend on what your ip address is. Have you asked your network admin? ;)
 

heavenlykid

Limp Gawd
Joined
Mar 18, 2005
Messages
300
make a diagram, save it as a picture like jpg or png. Upload it to one of many free picture hosting sites, like ImageShack, post a link in this post. :D

Depending on how the VPN is setup you will either be allowed local LAN access or not. Doesn't really depend on what your ip address is. Have you asked your network admin? ;)

I am the admin. LoL. First Time I've ever had to deal with a VPN one on one. And yes Im still green.
 

Rabidfox

Limp Gawd
Joined
Oct 6, 2005
Messages
282
yes, you will. do a "route print" at the cmd and check out the routes, those were injected by the vpnclient and define "interesting traffic" thats routed to your vpn adapter ip (virtual) and then put into the tunnel (with UDP headers slapped around the ESP packet, usually). If they have the 10.x.x.x networks you need then you should be able to reach them.
 

StarTrek4U

Gawd
Joined
Jan 8, 2003
Messages
1,011
I am the admin. LoL. First Time I've ever had to deal with a VPN one on one. And yes Im still green.

Sounds like trouble... ;)

What devices are you using? Is this a site to site VPN or a Client VPN? I'm going to assume (and we all know what happens next) that as an admin you have a visio or some other diagram of your network so you can help us help you.

At the very least a more detailed explanation of what you have going on and what you're trying to accomplish will be required.
 

heavenlykid

Limp Gawd
Joined
Mar 18, 2005
Messages
300
Sounds like trouble... ;)

What devices are you using? Is this a site to site VPN or a Client VPN? I'm going to assume (and we all know what happens next) that as an admin you have a visio or some other diagram of your network so you can help us help you.

At the very least a more detailed explanation of what you have going on and what you're trying to accomplish will be required.

yes i do have a visio doc but i do not want to post it on here. alot of confidential info on it. ok all i want the VPN for is so i can connect my laptop back into the network if something goes down. more or less i wanna be able to remote login to my entire network. if i vpn then i can remote desktop tp any pc inside my network atleast that is my understanding. correct me if im wrong.
 

StarTrek4U

Gawd
Joined
Jan 8, 2003
Messages
1,011
Then all I can say is yes it should work. It really depends on a number of factors however what you are proposing is possible.
 

Rabidfox

Limp Gawd
Joined
Oct 6, 2005
Messages
282
what type of tunnel is it, client or L2L? If it's a client tunnel, and you're running windows, go to the command prompt and type "route print" and see if the boxes you're trying to connect to are contained in the networks that are routing to your virtual VPN interface. You can't ask general questions like "can I get to box X from box Y?" Without sharing some details or even hinting at them.

If it's in *nix type in "netstat -nrv" and see which networks are going to your virtual vpn interface.

If all that's too tough, look into sales or marketing, I hear they need people....


StarTrek4U:

This kid's in real trouble....
 

StarTrek4U

Gawd
Joined
Jan 8, 2003
Messages
1,011
This kid's in real trouble....

I'm forced to agree.

To the OP: It really sounds like you need to get a better understanding of routing and firewalling before you go any further. My worry is that when you go to set this up you will either end up bringing everything down or leaving your perimeter very exposed (intentionally or not) leaving you holding the bag on a bigger problem than when you started. If you're the lone admin for this company, get them to send you to some training or at least reimburse you for the cost of self-training materials and testing. Network+ or a CCNA might be a good place to start or an entry-level cert for whatever brand devices you use. At the very least get a decent consultant (b/c there are a ton of crappy ones) to come in and help you out with this.
 

heavenlykid

Limp Gawd
Joined
Mar 18, 2005
Messages
300
If all that's too tough said:
Shhs why the bash. Thats not to tough. Here was my question to a T. If the vpn assigns me a 172.x.x.x addy and my internal pc is ip of 10.x.x.x will i be able to see shared folders on the
10.x.x.x machine when i have a 172.x.x.x ip.

here is my setup t1 connects to firewall/vpn connects to switch goes to all my pcs. when i connect to the vpn. I should be able to remote desktop or fileshare with all the pc's on the network using there internal ip addy 10.x.x.x while i myself have been assigned a
172.x.x.x
 

Gott

Supreme [H]ardness
Joined
Feb 28, 2008
Messages
4,959
If you have a firewall rule that allows the 172.16.0.0 subnet to reach the 10.0.0.0 subnet then yes it is possible.

Are you setting up this VPN for work or for your home?
 

StarTrek4U

Gawd
Joined
Jan 8, 2003
Messages
1,011
Here was my question to a T. If the vpn assigns me a 172.x.x.x addy and my internal pc is ip of 10.x.x.x will i be able to see shared folders on the
10.x.x.x machine when i have a 172.x.x.x ip.

Yes if you have the following configured:
  • Routing between the two networks on any devices that do routing in your environment
  • Firewall Rules to allow traffic between the networks (as was previously stated)
  • You know how to pass the appropriate credentials to the machines you are trying to connect to (either AD, Workgroup, etc)

Good Luck
 

heavenlykid

Limp Gawd
Joined
Mar 18, 2005
Messages
300
Yes if you have the following configured:
  • Routing between the two networks on any devices that do routing in your environment
  • Firewall Rules to allow traffic between the networks (as was previously stated)
  • You know how to pass the appropriate credentials to the machines you are trying to connect to (either AD, Workgroup, etc)

Good Luck

Sweet thanks for the help!! It works
 

Rabidfox

Limp Gawd
Joined
Oct 6, 2005
Messages
282
the routes are injected by the split tunnel access-list. without specifics we can't help you. Specifics like vpn configuration, or just connecting to the vpn and checking your routing table, the acl on the outside, like startrek4u mentioned. There are quite a few different ways of doing things, you lack any pertinent details. the IP's only matter if you give us the rules/configs/whatever for what you're connecting to.
 

berky

2[H]4U
Joined
Aug 28, 2001
Messages
2,233
Yes if you have the following configured:
  • Routing between the two networks on any devices that do routing in your environment
  • Firewall Rules to allow traffic between the networks (as was previously stated)
  • You know how to pass the appropriate credentials to the machines you are trying to connect to (either AD, Workgroup, etc)

Good Luck

i think he's basically asking if his setup has split tunneling or full tunneling, which none of us can answer.


if i understand him correctly, there's no routing between the two networks. the vpn 172 address is a new adapter (basically a virtual nic), and only traffic meant to go across the vpn will go there. anything else will use your default gateway or locally connected 10 network adapter. that's assuming split tunneling. if you are set up for full tunneling, then EVERYTHING will go across the vpn connection, and you will not be able to access any local shares, email, hosts, etc.
 

Rabidfox

Limp Gawd
Joined
Oct 6, 2005
Messages
282
Well, you can get internet access while being fully tunnelled if you set it up right. Not local stuff, but everything else.
 
Top