On 12/2/2010 3:15 PM, Atif Jung wrote:
This piece of software was a Godsend so thank you to all who developed
it. I struggled for most of today trying to get CISCO VPN client running
on my Windows 7 machine and every time I ran it, it would disconnect me
from the internet. It was only after trawling through a Google search
did I see this piece of software mentioned as a possible fix, and I’m
glad to say it did the trick.

I have one question, and that is when I’m connected to Shrew my local
machine internet access is disabled, although I can still remote desktop
to my server. Is there any way to continue to have internet access on my
local machine?


Hi Atif,

The answer is maybe, but not easily. With Cisco VPN gateways, the administrator has the ability to push a network topology to the VPN client. Some admins choose not to do this, which means the client has no way of knowing what networks exist on the distant end of the tunnel. In other words, it's forced to send everything via the tunnel, which may or may not cause problems for internet browsing. You could try to set up a static configuration of manual include topology entries under the policy tab of the site configuration.

A word of warning: what you are trying to do is referred to as split tunneling. It means your machine has access to remote network resources via the tunnel but is still exposed to the internet. If your machine is compromised, it can act as a springboard for a 3rd party to gain access to the same remote resources via your tunnel. Preventing a split tunnel by not providing the topology information may be a decision on the part of your network administrator to mitigate such an attack. By manually adding a remote topology to enable split tunneling, you could possibly be subverting this security measure.

So in closing, the Shrew Soft client is highly configurable. It has to be to inter-operate with so many different gateway platforms. But please, use it responsibly. When in doubt, ask your network admin for help when configuring the client to ensure it adheres to the required security guidelines.

-Matthew
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
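
The routing behaviour described in the reply above, as an added example that is not part of the original thread or of the Shrew Soft client: a simplified model of how include topology entries decide which traffic enters the tunnel, useful for reviewing whether a client policy amounts to a split tunnel. The function names and all addresses are constructed for illustration.

```python
import ipaddress

def build_policy(include_entries):
    """Networks the client sends through the tunnel.

    Assumption taken from the reply above: with no topology (none pushed,
    none entered by hand) the client tunnels everything, i.e. 0.0.0.0/0.
    """
    if not include_entries:
        return [ipaddress.ip_network("0.0.0.0/0")]
    return [ipaddress.ip_network(entry) for entry in include_entries]

def is_split_tunnel(tunnel_networks):
    """Split tunnel = no entry covers the whole address space."""
    return not any(net.prefixlen == 0 for net in tunnel_networks)

def route_for(dest, tunnel_networks):
    """Return 'tunnel' if dest falls in an include network, else 'direct'."""
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in net for net in tunnel_networks) else "direct"

def audit(include_entries, destinations):
    """Summarise a policy: split flag plus the path taken per destination."""
    nets = build_policy(include_entries)
    return {
        "split_tunnel": is_split_tunnel(nets),
        "paths": {d: route_for(d, nets) for d in destinations},
    }

# Constructed sample values (not from the thread).
DESTINATIONS = ["10.20.5.10", "198.51.100.7"]   # remote server, internet host

if __name__ == "__main__":
    for label, entries in [("no topology", []), ("manual include", ["10.20.0.0/16"])]:
        print(label, audit(entries, DESTINATIONS))
```

A policy that reports `split_tunnel: True` is the case the reply warns about: the machine reaches the remote network through the tunnel while its other traffic goes straight to the internet.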
