[olug] OT: windows 2000, ethernet aliases, webvpn

Will Langford unfies at gmail.com
Sun Jul 27 01:08:50 UTC 2008


>
> Unless the group/profile for the third party vpn connection allows split
> tunneling, you are SOL. Since it is a Cisco Solution, I can 100%
> guarantee that it does in fact support split tunnels, however, your
> group/profile is probably not set up as so. This may be due to either
> policy or sheer misconfiguration. You can check this real quick by doing
> a traceroute to a public site, such as google.com - If it in fact goes
> via the vpn tunnel you know that split tunneling is more than likely
> enabled :)
>

> That is where you need to start, you need to verify split tunneling is
> enabled. Once that step is complete, you need to ensure overlap on your
> 192.168's is avoided - using the Cisco client you can also review the
> routes (SA's) that the concentrator forces you into, it should be a tab
> called "routes"
>


tracert to google doesn't go through the vpn.  The routes tab on the
cisco-vpn-client-program only discusses 10.*.  The program does mention that
'split tunneling' is enabled though.

And with the route:

192.168.2.0  255.255.255.252      192.168.2.1   192.168.254.1       1

and no other route relating to it etc ... just... why it doesn't attempt to
go out the cable... its... just.... gay.

I'm going to go stab cisco.  Every employee, every piece of hardware.
Everywhere.  Then I'm going to get a time machine, go back into the past by
5 seconds, and stab it again.  Then go back another 5 seconds.... etc etc
etc.

I have this stupidly distinct impression I'm going to have to change where the
webvpn is (ie: another box and not on the server with two nics) and set up
some routes for it...  or I'm going to have to change how the client
connects to the server (ie: not on the isolated network).

cause... this is stupid.

Looking more, other test things on the isolated network are also hosed.  a
test client located across the internet via just some port forwarding...
connects fine.

must stabby death cisco!

-Will


