VPN Question/Issue

I have a scenario Question and would like to know what the answer would be - I'm mainly asking those who KNOW VPNs and work with them...

I have a network (192.168.1.x)

and I use Cisco VPN Client and vpn to network (192.168.3.x)

Now after sucessfully logging in, I RDP (remote desktop) to a remote server ip address (216.32.43.21

(<--made it up).

Once going to the cmd prompt in windows and typing in "netstat -a". you see that it can detect a remote connection from ip address 192.168.1.x! Now I see that it would be this way because you're logging into a server from your LOCAL machine, but another IT guy is telling me that it should detect a remote connection from the VPN'd address, not your own machine, because you're tunneling... Can someone verify this? THANKS!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

nice343

once you connect to a remote site with cisco VPN client, you get assigned an Ip address and the vpn vlient goes into the system tray and say connected

dtlokee

There may be a few factors here, but you should see the connection from the VPN address, not the address of the client, unless it's not using the VPN to reach the remote subnet. In your example the client will add a route to the remot classful network through the VPN. If you try to VPN to a remote destination that is not in the routing table of the PC with a next hop set to the VPN connection, it will not send it across the VPN.

I would look at "route print" to see what the next hop is to the destionation network.

There could be other things at work here, need more input

Kcolon1

Ok, let me be more detailed -

You're at home and your network is 192.168.1.0

Your computer address is 192.168.1.101

Your work network is 192.168.3.0

Server address is 212.98.23.55
(Server is not in the work network - it's located somewhere else)

Now Let's say you use Cicso VPN Client to get to your work network (192.168.3.0), and you logged in and you're connected. Done

Now on your desktop at home - you click stat > run > mstsc. You punch in 212.98.23.55

Now you're in the server that is located somewhere - like Canada or something. In that server, you open cmd and type "netstat -a". Once you do this, you scroll down and see that the server is seeing a connection from 192.168.1.101.

The debate I'm having is that I say that's correct - the server will see your own address because you're NOT using the VPN tunnel to get to this server, you're using your own network.

My co-worker says that the server is supposed to see the VPN network address (192.168.3.x) because you've tunneled to another network and it would basically (by default) "become" your ip address until your disconnect. He also says that your home computer is remotely connected to the server THROUGH the work network - so that's why it should see your connection as 192.168.3.x...

So now I'm doubting what I know...?

Netstudent

Would a tracert answer this question?

Kcolon1

Ok, so from what I'm getting out of this is:

If the computer is reaching the server through the VPN network, then yes - it would show as a 192.168.3.x address

If the computer is using another path, it would just come up as 192.169.1.101 (or the external ISP ip address)

Is this correct?

dtlokee

Yeah that s the bsic premise, the PC is going to need a method to determine what is sent via the VPN and what is sent natively to the Internet without encryption/authentication. This is where the "route print", "ipconfig /all" and "tracert" commands can come in handy to see how your PC is going to access the remote end. Now if you're using site to site VPN connections instead of a remote access VPN then I would expect to see the computer's NIC IP address because it is not the tunnel endpoint, the device acting as the VPN client (router or firewall) will be responsiable for the VPN.

Kcolon1

Also, please know that the VPN is on a 10.10.10.10 network address and has no Default gateway...

Kcolon1

dtlokee wrote:

Yeah that s the bsic premise, the PC is going to need a method to determine what is sent via the VPN and what is sent natively to the Internet without encryption/authentication. This is where the "route print", "ipconfig /all" and "tracert" commands can come in handy to see how your PC is going to access the remote end. Now if you're using site to site VPN connections instead of a remote access VPN then I would expect to see the computer's NIC IP address because it is not the tunnel endpoint, the device acting as the VPN client (router or firewall) will be responsiable for the VPN.

What method determines what is sent via VPN or Natively? What's the metod itself called? Thanks

dtlokee

Kcolon1 wrote:

dtlokee wrote:

Yeah that s the bsic premise, the PC is going to need a method to determine what is sent via the VPN and what is sent natively to the Internet without encryption/authentication. This is where the "route print", "ipconfig /all" and "tracert" commands can come in handy to see how your PC is going to access the remote end. Now if you're using site to site VPN connections instead of a remote access VPN then I would expect to see the computer's NIC IP address because it is not the tunnel endpoint, the device acting as the VPN client (router or firewall) will be responsiable for the VPN.

What method determines what is sent via VPN or Natively? What's the metod itself called? Thanks

Split tunneling? I am not sure of the qustion but when you connect via a VPN across the internet, but still want to be able to communicate with the Internet and across the VPN traffic to Internet destinations will be sent without encryption while traffic you want to send across the VPN will have the VPN headers added and the contents encrypted.

tech-airman

Kcolon1 wrote:

dtlokee wrote:

Yeah that s the bsic premise, the PC is going to need a method to determine what is sent via the VPN and what is sent natively to the Internet without encryption/authentication. This is where the "route print", "ipconfig /all" and "tracert" commands can come in handy to see how your PC is going to access the remote end. Now if you're using site to site VPN connections instead of a remote access VPN then I would expect to see the computer's NIC IP address because it is not the tunnel endpoint, the device acting as the VPN client (router or firewall) will be responsiable for the VPN.

What method determines what is sent via VPN or Natively? What's the metod itself called? Thanks

Kcolon1,

The "method" would be the encapsulation process. Let's say you're using a web browser and trying to get to techexams.net. That would probably use the non-VPN IP address. Let's say you've got a secure e-mail program with an ip address of say 192.168.3.25 configured as it's SMTP server. Then in that case, the e-mail program would probably use the VPN IP address.