Solved

2 NICs, one w/ VPN the other w/ normal web traffic?

Posted on 2006-05-09
940 Views
Last Modified: 2013-12-23
So I'm a developer.  Our db is only accessible locally through our VPN.  In order to develop my apps on a local machine I must be connected to the VPN.  However, this also re-routes ALL of my internet traffic through our VPN and out through our data center where we pay pro-rated bandwidth. This adds quite a bit of load time to every web request I make, and costs us for the bandwidth usage.  Our data center is located half-way across the country.

What I'm wondering is if I am able to bind the VPN to one NIC, and my normal Internet connection to another NIC?  I have a laptop with wireless - that I would like to send my normal web traffic through, and then use my LAN port (a different NIC) to be dedicated to the VPN connection?  Is this possible?

Would I need to setup a local proxy or possibly modify the routing tables somehow?  Changing the settings of our company VPN is unfortunately not an option.
Any ideas on this?
Question by:qumpus
6 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 2000 total points
ID: 16643765
hi qumpus,

you actually do not need another NIC to separate your internet traffic from your VPN based extranet. what you need to do is just to specify two routes in your routing table.

i suppose that your local internet gateway is 192.168.1.1, your local VPN gateway is 192.168.1.2, and your database is located in another subnet, e.g. 192.168.2.x; then you just run the following ROUTE commands in a command prompt window:

ROUTE ADD 0.0.0.0 MASK 0.0.0.0 192.168.1.1
ROUTE ADD 192.168.2.0 MASK 255.255.255.0 192.168.1.2

hope it helps,
bbao

Author Comment

by:qumpus
ID: 16643905
bbao,

Thanks for the comments, this is really great news!  I am on a small network in the office here, so to be sure - these routing tables are machine specific, and would not affect the rest of our LAN users?

My internet gateway is 2.1
VPN gateway is 17.21
but the VPN mask is 255.255.255.255

so my route cmds would look like this, right?

// '0' mask would tell it to send all traffic through normal internet?
ROUTE ADD 0.0.0.0 MASK 0.0.0.0 192.168.2.1

// 255.0 mask would ???
ROUTE ADD 192.168.17.21 MASK 255.255.255.0 192.168.2.1

Once connected to the VPN, the IP's I would access are 18.x & 19.x

Thanks bbao!!!

Author Comment

by:qumpus
ID: 16644282
bbao,

disregard the last comment... I figured it out - thank you so much!

-qumpus
LVL 37

Expert Comment

by:bbao
ID: 16645846
glad to help. :)

FYI:
> these routing tables are machine specific, and would not affect the rest of our LAN users?

yes. no worries about other LAN users.

> My internet gateway is 2.1
> VPN gateway is 17.21
> but the VPN mask is 255.255.255.255
> Once connected to the VPN, the IP's I would access are 18.x & 19.x

it seems your VPN is dial-up based, right? i suppose the related ROUTE commands would look like the following:

ROUTE ADD 0.0.0.0 MASK 0.0.0.0 192.168.2.1
ROUTE ADD 192.168.16.0 MASK 255.255.252.0 192.168.17.21
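To see what the two routes above actually do, here is an added example (not code from this thread) that models the table with Python's `ipaddress` module: longest-prefix matching between the default route and the VPN route, the `ROUTE ADD` text each entry corresponds to, and a summarization check showing that qumpus's 18.x and 19.x targets fit in a tighter 192.168.18.0/23 than the /22 bbao used. The gateway addresses are the ones quoted in the thread; the host addresses looked up are constructed.

```python
"""Model of the two-route split-tunnel table discussed in this thread.

Added example, not code from the thread. Gateways are the ones quoted by
qumpus and bbao (192.168.2.1 internet, 192.168.17.21 VPN); the hosts
looked up below are constructed sample addresses.
"""
import ipaddress

# Mirrors bbao's two lines:
#   ROUTE ADD 0.0.0.0 MASK 0.0.0.0 192.168.2.1
#   ROUTE ADD 192.168.16.0 MASK 255.255.252.0 192.168.17.21
ROUTES = [
    ("0.0.0.0/0", "192.168.2.1"),
    ("192.168.16.0/22", "192.168.17.21"),
]


def next_hop(dest, routes=ROUTES):
    """Longest-prefix match: the most specific route containing dest wins,
    which is how the host picks between the default route and the VPN route."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def route_add_command(net, gateway):
    """Render a network/gateway pair as the Windows ROUTE ADD line it needs."""
    n = ipaddress.ip_network(net)
    return f"ROUTE ADD {n.network_address} MASK {n.netmask} {gateway}"


def summarize(networks):
    """Smallest single prefix covering all given networks. Shows how broad a
    VPN route has to be; a tighter prefix sends less traffic into the tunnel."""
    nets = [ipaddress.ip_network(n) for n in networks]
    first = min(n.network_address for n in nets)
    last = max(n.broadcast_address for n in nets)
    # Widen the block from /32 down until it spans first..last.
    for plen in range(32, -1, -1):
        cand = ipaddress.ip_network((int(first), plen), strict=False)
        if last in cand:
            return cand


if __name__ == "__main__":
    for host in ("192.168.18.5", "8.8.8.8"):
        print(host, "->", next_hop(host))
    print(route_add_command(str(summarize(["192.168.18.0/24", "192.168.19.0/24"])),
                            "192.168.17.21"))
```

Note that the /22 also pulls 192.168.16.x and 192.168.17.x into the tunnel; if only 18.x and 19.x are needed, the /23 printed by the script is the narrower route.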

Author Comment

by:qumpus
ID: 16651114
bbao,

Although I really did like this routing table solution, our network admin informed me that this was extremely insecure and will not allow me to use this method.  It opens up a security hole allowing others to 'piggyback' on the connection allowing them into our private network.

This is the article he forwarded me which explains why this method does not work.
http://www.isaserver.org/tutorials/2004fixipsectunnel.html

Are there any other solutions that would be more safe and secure?
LVL 37

Expert Comment

by:bbao
ID: 16658921
yes. it is possible that a malicious user may indirectly access your VPN based extranet through your computer which connects the internet and the VPN at the same time, ONLY IF your computer has been stoned/controlled by the user's trojan program or similar software.

please note the condition that ONLY IF introduced. the risk is not caused by this routing table solution, it is caused by the vulnerability of your computer. in other words, you may have the exact same problem if you access the internet through the VPN via the internet gateway at the remote site, though the overall performance is not what you expected. even so, it is NOT secure either, because you are connected.

e.g. your IE's configuration is weak, so accessing a dangerous web site may lead your IE to be stoned by a malicious agent program which can unknowingly gather sensitive information from the networks your computer/it can access, including your LAN and the VPN, and securely send them out to a specific external site. this might happen even if you access the internet through your VPN, same thing, except that the lower performance might cause the infection process to go a bit slower, hehe.

as for the ICS and routing issue that article mentioned, it is NOT related to your scenario. you have NO ICS enabled. you use DUN (Dial-Up Networking) based VPN, which is not routable, and additionally, your XP's routing is NOT enabled by default.

so what i recommend is: if your data is really sensitive and you must keep away from any possibility of a privacy issue, do NOT connect to the internet and the internal network at the SAME time. otherwise, just keep your computer fully patched and do not access untrusted sites, and enjoy working and surfing at the same time. :)

hope it helps,
bbao