• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 258
  • Last Modified:

VPN Question

I have a question about VPN's if I may, I know this will be a very easy question to answer for experts on the subject.

If I am on a computer that has Internet, and then I connect to a VPN (through a cisco or built in windows client), then does ALL of my network traffic automatically route through the VPN I am actively connected to? Are there exceptions? If all traffic routes through the VPN, am I correct in thinking you couldn't have two VPN connections (as you can only have one gateway?)

Thanks.
0
ouch_mybrain_
Asked:
ouch_mybrain_
6 Solutions
 
Ski_ManCommented:
Yep you are correct. As far as i'm aware there are no exceptions.
0
 
John HurstBusiness Consultant (Owner)Commented:
>>>> then does ALL of my network traffic automatically route through the VPN I am actively connected to?

It depends on the VPN. With Microsoft VPN, yes. With IPSec VPN and split tunneling, no. Split tunneling routes internet traffic through the internet and company traffic through the VPN. I like IPSec better than PPTP and this is one of the reasons.

>>> am I correct in thinking you couldn't have two VPN connections  <-- to the same host?  I think you can only have one connection.

... Thinkpads_User
0
 
PapertripCommented:
If I am on a computer that has Internet, and then I connect to a VPN (through a cisco or built in windows client), then does ALL of my network traffic automatically route through the VPN I am actively connected to?

No, all that happens is routes are created for the VPN network and a new interface created to route them them through.  If your destination is not on one of those networks that is strictly for the VPN, then traffic will go out whatever interfaces it would as if the VPN was not connected.  Odds are the VPN is also going to set your name servers to ones for the VPN, so any DNS request you make could still be logged someplace on the other side of the VPN.

You can have 2 VPN's at once and all should work fine if the routes are setup properly and there is no overlap of routes/subnets between VPN networks.

All of this however is assuming that the person who setup your VPN didn't create some ridiculous routing policies that really does route all of your traffic over it, but that would be really really dumb... but possible.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
ZephyrTCCommented:
It really depends more on the configuration of the VPN you are accessing.  The destination site would have rules in place that will dictate which IP address range(s) that are sent through the VPN tunnel when you connect.  This can be just the corporate network, or it can be ALL addresses.  In some environments, VPN connectivity forces even internet traffic to be routed through the VPN and subsequently through the corporate internet connection for security reasons.

On your question about if you can connect two VPNs at one time, its not advisable.
0
 
csg-techCommented:
You can configure the Microsoft VPN client to do split tunneling. When configuring the Properties, on the Networking tab highlight Internet Protocol (TCP/IP) , click Properties, then Advanced. On the General tab, de-select "Use default gateway on remote network".
0
 
ouch_mybrain_Author Commented:
I suppose in order for me to prove what is and isn't running through the VPN connection, I could run a traceroute or a netstat? Or if not, is there a bit of software that can do this?
0
 
PapertripCommented:
Absolutely.

netstat -rn

Open in new window

0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now