Force traffic away from VPN tunnel

1

0

Possible Duplicate:
How to use one connection to the internet for VPN and another for accessing other websites?

I use the Cisco Any Connect VPN client, version 2.5.2011, for work. My company also uses a draconian firewall called "IronPort" for all traffic — including SSL traffic — on my work domain.

I just use a VPN tunnel for remote desktop connections. Is there any way to force all other traffic through my local connection and not the tunnel? The problem is, as soon as I connect to the VPN, my local browser has to go out Ironport and Websense.

My computer is running Windows 7 Home Premium.

javamonkey79

Posted 2011-10-17T16:07:58.893

Reputation: 909

Question was closed 2011-10-18T03:59:54.220

Answers

3

Like Harrymc points out in the linked question in his comment, you need to look into "split-tunneling" to get your computer to use your local gateway instead of the company's gateway (through the VPN) to get out to the Internet. But having said that...

The Cisco Any Connect VPN client can be (and usually is) configured from the server-side by the IT staff. They have to allow you to be able to split-tunnel, and they can hard-set it to not allow other Internet access while the VPN is connected (more secure, as it disallows you letting 'nasties' in on your Internet connection, and then into their network through the VPN, bypassing their public firewalls, anti-malware solutions, etc. So, you'll very likely have to talk to the folks in charge of the 'other end' of that VPN to get it working.

Ƭᴇcʜιᴇ007

Posted 2011-10-17T16:07:58.893

Reputation: 103 763

I think this is wrong. As long as your user is the local Admin, you can always set your own routes no matter how the VPN client messes it up. Unless the client takes over the system's stack, you can always use the way suggested by Kyle to bypass any restrictions. – billc.cn – 2011-10-17T23:54:07.573

There might be a way to do this if hacked properly, but bottom line is I've talked to our networking guys and it would be a violation of our security policies so I guess I have to throw in the towel on this one :( – javamonkey79 – 2011-10-18T00:22:08.507

Asked: 2011-10-17T16:07:58.893

Viewed: 1 785 times

Active: 2012-03-09T21:50:17.747