VPN Question/Issue

Kcolon1Kcolon1 Posts: 36Member ■■□□□□□□□□
I have a scenario Question and would like to know what the answer would be - I'm mainly asking those who KNOW VPNs and work with them...

I have a network (192.168.1.x)

and I use Cisco VPN Client and vpn to network (192.168.3.x)

Now after sucessfully logging in, I RDP (remote desktop) to a remote server ip address (216.32.43.21icon_cool.gif(<--made it up).

Once going to the cmd prompt in windows and typing in "netstat -a". you see that it can detect a remote connection from ip address 192.168.1.x! Now I see that it would be this way because you're logging into a server from your LOCAL machine, but another IT guy is telling me that it should detect a remote connection from the VPN'd address, not your own machine, because you're tunneling... Can someone verify this? THANKS!

Comments

  • nice343nice343 Posts: 391Member
    once you connect to a remote site with cisco VPN client, you get assigned an Ip address and the vpn vlient goes into the system tray and say connected
    My daily blog about IT and tech stuff
    http://techintuition.com/
  • dtlokeedtlokee Posts: 2,381Member
    There may be a few factors here, but you should see the connection from the VPN address, not the address of the client, unless it's not using the VPN to reach the remote subnet. In your example the client will add a route to the remot classful network through the VPN. If you try to VPN to a remote destination that is not in the routing table of the PC with a next hop set to the VPN connection, it will not send it across the VPN.

    I would look at "route print" to see what the next hop is to the destionation network.

    There could be other things at work here, need more input
    The only easy day was yesterday!
  • Kcolon1Kcolon1 Posts: 36Member ■■□□□□□□□□
    Ok, let me be more detailed -

    You're at home and your network is 192.168.1.0

    Your computer address is 192.168.1.101

    Your work network is 192.168.3.0

    Server address is 212.98.23.55
    (Server is not in the work network - it's located somewhere else)

    Now Let's say you use Cicso VPN Client to get to your work network (192.168.3.0), and you logged in and you're connected. Done

    Now on your desktop at home - you click stat > run > mstsc. You punch in 212.98.23.55

    Now you're in the server that is located somewhere - like Canada or something. In that server, you open cmd and type "netstat -a". Once you do this, you scroll down and see that the server is seeing a connection from 192.168.1.101.

    The debate I'm having is that I say that's correct - the server will see your own address because you're NOT using the VPN tunnel to get to this server, you're using your own network.

    My co-worker says that the server is supposed to see the VPN network address (192.168.3.x) because you've tunneled to another network and it would basically (by default) "become" your ip address until your disconnect. He also says that your home computer is remotely connected to the server THROUGH the work network - so that's why it should see your connection as 192.168.3.x...

    So now I'm doubting what I know...?
  • NetstudentNetstudent Posts: 1,694Member
    Would a tracert answer this question?
    There is no place like 127.0.0.1 BUT 209.62.5.3 is my 127.0.0.1 away from 127.0.0.1!
  • Kcolon1Kcolon1 Posts: 36Member ■■□□□□□□□□
    Ok, so from what I'm getting out of this is:

    If the computer is reaching the server through the VPN network, then yes - it would show as a 192.168.3.x address

    If the computer is using another path, it would just come up as 192.169.1.101 (or the external ISP ip address)

    Is this correct?
  • dtlokeedtlokee Posts: 2,381Member
    Yeah that s the bsic premise, the PC is going to need a method to determine what is sent via the VPN and what is sent natively to the Internet without encryption/authentication. This is where the "route print", "ipconfig /all" and "tracert" commands can come in handy to see how your PC is going to access the remote end. Now if you're using site to site VPN connections instead of a remote access VPN then I would expect to see the computer's NIC IP address because it is not the tunnel endpoint, the device acting as the VPN client (router or firewall) will be responsiable for the VPN.
    The only easy day was yesterday!
  • Kcolon1Kcolon1 Posts: 36Member ■■□□□□□□□□
    Also, please know that the VPN is on a 10.10.10.10 network address and has no Default gateway...
  • Kcolon1Kcolon1 Posts: 36Member ■■□□□□□□□□
    dtlokee wrote:
    Yeah that s the bsic premise, the PC is going to need a method to determine what is sent via the VPN and what is sent natively to the Internet without encryption/authentication. This is where the "route print", "ipconfig /all" and "tracert" commands can come in handy to see how your PC is going to access the remote end. Now if you're using site to site VPN connections instead of a remote access VPN then I would expect to see the computer's NIC IP address because it is not the tunnel endpoint, the device acting as the VPN client (router or firewall) will be responsiable for the VPN.

    What method determines what is sent via VPN or Natively? What's the metod itself called? Thanks
  • dtlokeedtlokee Posts: 2,381Member
    Kcolon1 wrote:
    dtlokee wrote:
    Yeah that s the bsic premise, the PC is going to need a method to determine what is sent via the VPN and what is sent natively to the Internet without encryption/authentication. This is where the "route print", "ipconfig /all" and "tracert" commands can come in handy to see how your PC is going to access the remote end. Now if you're using site to site VPN connections instead of a remote access VPN then I would expect to see the computer's NIC IP address because it is not the tunnel endpoint, the device acting as the VPN client (router or firewall) will be responsiable for the VPN.

    What method determines what is sent via VPN or Natively? What's the metod itself called? Thanks

    Split tunneling? I am not sure of the qustion but when you connect via a VPN across the internet, but still want to be able to communicate with the Internet and across the VPN traffic to Internet destinations will be sent without encryption while traffic you want to send across the VPN will have the VPN headers added and the contents encrypted.
    The only easy day was yesterday!
  • tech-airmantech-airman Posts: 953Member
    Kcolon1 wrote:
    dtlokee wrote:
    Yeah that s the bsic premise, the PC is going to need a method to determine what is sent via the VPN and what is sent natively to the Internet without encryption/authentication. This is where the "route print", "ipconfig /all" and "tracert" commands can come in handy to see how your PC is going to access the remote end. Now if you're using site to site VPN connections instead of a remote access VPN then I would expect to see the computer's NIC IP address because it is not the tunnel endpoint, the device acting as the VPN client (router or firewall) will be responsiable for the VPN.

    What method determines what is sent via VPN or Natively? What's the metod itself called? Thanks

    Kcolon1,

    The "method" would be the encapsulation process. Let's say you're using a web browser and trying to get to techexams.net. That would probably use the non-VPN IP address. Let's say you've got a secure e-mail program with an ip address of say 192.168.3.25 configured as it's SMTP server. Then in that case, the e-mail program would probably use the VPN IP address.
Sign In or Register to comment.