Sign in with
Sign up | Sign in
Your question

Contivity VPN Client and home network

Last response: in Networking
Share
August 20, 2004 4:34:26 PM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

Hi,

I hope someone could help because my networking knowledge is not that great.

I have a home network at home behind a Linksys router with IP addresses
starting from 192.168.1.100. I also use Contivity VPN Client to connect to
my employer's network using a smart card. The problem is that when the
Contivity VPN Client is connected I cannot access any of my home computers.
For example, I cannot map to shared drives neither by name nor by TCP/IP
address, neither I can browse web pages in any of my home web sites, e.g.
http://mypc/<mywebsite>/.

My explanation is that the reason for this is that all home LAN requests are
re-routed through Contivity VPN Client. When I stop Contivity VPN Client
everything is OK. In Contivity VPN Client Name Server Options both DNS and
WINS properties are blank.

Why is this happening and what I can do to connect to my LAN computers?
Anonymous
August 20, 2004 4:34:27 PM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

Your "Security Guy" at work has disabled "Split Tunneling" on his gateway
(and rightly so).

Which basically puts blinders on your PC so that it can ONLY "talk"
to devices on the other side of the VPN, your local stuff is blocked.

Work arounds.

A) Use a secondary protocol on your network (like IPX or NETBEUI) for
sharing.
Bind file and printer sharing to just that protocol for your network (not
TCP/IP).
The Contivity software only works with TCP/IP, it can't and won't filter
other protocols.

B) Put a second NIC in your home machine and don't "bind" the Contivity VPN
client too it.
I haven't tried this yet, it may be that you need to install the NIC after
your Contivity software is installed.
This may not even work.

C) Ask your "Security Guy" to make an exception for your network.
August 20, 2004 5:52:49 PM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

Thank you for the prompt reply.

No much luck with A). This is what I tried. I have Windows XP Pro.

1. Open Networks Connections Pannel.
2. Right-click on Local Area Connection and choose properties.
3. Install Microsoft IPX/SPX protocol.
4. Then when to advanced settings on Network Connections menu.
5. On the Adapters and Bindings tab selected Local Area Connection, then
File and Print Sharing and unchecked TCP/IP (only NWLink IPX/SPX selected).
6. Rebooted

Still cannot map to shares when Contivity is on. Am I missing something.
Want to confirm before mocking up my laptop really good :-(


"Not-My-Real-Name" <someone@micros0ft.com> wrote in message
news:npmVc.1493$KF.11607@tor-nn1.netcom.ca...
> Your "Security Guy" at work has disabled "Split Tunneling" on his gateway
> (and rightly so).
>
> Which basically puts blinders on your PC so that it can ONLY "talk"
> to devices on the other side of the VPN, your local stuff is blocked.
>
> Work arounds.
>
> A) Use a secondary protocol on your network (like IPX or NETBEUI) for
> sharing.
> Bind file and printer sharing to just that protocol for your network (not
> TCP/IP).
> The Contivity software only works with TCP/IP, it can't and won't filter
> other protocols.
>
> B) Put a second NIC in your home machine and don't "bind" the Contivity
VPN
> client too it.
> I haven't tried this yet, it may be that you need to install the NIC after
> your Contivity software is installed.
> This may not even work.
>
> C) Ask your "Security Guy" to make an exception for your network.
>
>
Related resources
Anonymous
August 20, 2004 5:52:50 PM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

Make sure ALL your PCs on your home LAN are setup to bind
"File and Printer sharing" to IPX only. Not TCP/IP

Also, all the PCs need to use the same Frame type (under advanced settings
for IPX).
They don't automagically find each other otherwise.

You can also use NETBEUI, it's on the XP CD, however it's not supported by
M$.



"Shrek" <anonymous@matrix.com> wrote in message
news:RmnVc.23077$Fg5.3874@attbi_s53...
> Thank you for the prompt reply.
>
> No much luck with A). This is what I tried. I have Windows XP Pro.
>
> 1. Open Networks Connections Pannel.
> 2. Right-click on Local Area Connection and choose properties.
> 3. Install Microsoft IPX/SPX protocol.
> 4. Then when to advanced settings on Network Connections menu.
> 5. On the Adapters and Bindings tab selected Local Area Connection, then
> File and Print Sharing and unchecked TCP/IP (only NWLink IPX/SPX
selected).
> 6. Rebooted
>
> Still cannot map to shares when Contivity is on. Am I missing something.
> Want to confirm before mocking up my laptop really good :-(
>
>
> "Not-My-Real-Name" <someone@micros0ft.com> wrote in message
> news:npmVc.1493$KF.11607@tor-nn1.netcom.ca...
> > Your "Security Guy" at work has disabled "Split Tunneling" on his
gateway
> > (and rightly so).
> >
> > Which basically puts blinders on your PC so that it can ONLY "talk"
> > to devices on the other side of the VPN, your local stuff is blocked.
> >
> > Work arounds.
> >
> > A) Use a secondary protocol on your network (like IPX or NETBEUI) for
> > sharing.
> > Bind file and printer sharing to just that protocol for your network
(not
> > TCP/IP).
> > The Contivity software only works with TCP/IP, it can't and won't filter
> > other protocols.
> >
> > B) Put a second NIC in your home machine and don't "bind" the Contivity
> VPN
> > client too it.
> > I haven't tried this yet, it may be that you need to install the NIC
after
> > your Contivity software is installed.
> > This may not even work.
> >
> > C) Ask your "Security Guy" to make an exception for your network.
> >
> >
>
>
Anonymous
August 20, 2004 5:54:05 PM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

I had the same problem ... home network behind a linksys router on a
192.168.1.x subnet, and when connected to employer via Contivity, my
home network wasn't reachable.

The cause was that my employer was also using the 192.168.1.x subnet.
Solution: change my home subnet (via the main linksys admin page) to
be in a non-conflicting range, such as 10.1.1.x

Works like a charm.

-- Sean.

"Shrek" <anonymous@matrix.com> wrote in message news:<mdmVc.52721$TI1.17570@attbi_s52>...
> Hi,
>
> I hope someone could help because my networking knowledge is not that great.
>
> I have a home network at home behind a Linksys router with IP addresses
> starting from 192.168.1.100. I also use Contivity VPN Client to connect to
> my employer's network using a smart card. The problem is that when the
> Contivity VPN Client is connected I cannot access any of my home computers.
> For example, I cannot map to shared drives neither by name nor by TCP/IP
> address, neither I can browse web pages in any of my home web sites, e.g.
> http://mypc/<mywebsite>/.
>
> My explanation is that the reason for this is that all home LAN requests are
> re-routed through Contivity VPN Client. When I stop Contivity VPN Client
> everything is OK. In Contivity VPN Client Name Server Options both DNS and
> WINS properties are blank.
>
> Why is this happening and what I can do to connect to my LAN computers?
August 20, 2004 7:22:25 PM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

Duh, of course.

Let me ask you another question. I have also an option to connect to the
corporate office by VPN instead of through Contivity. I use VPN I don't have
issues with my home network. However, it looks like when I try to browse
Internet the whole traffic is tunneled through the VPN connection and
performance deteriorates. Is there any way to configure my VPN so it directs
ONLY the corporate traffic to itself but leaves anything else through my
Local Area Connection?


"Not-My-Real-Name" <someone@micros0ft.com> wrote in message
news:p boVc.1494$KF.11668@tor-nn1.netcom.ca...
> Make sure ALL your PCs on your home LAN are setup to bind
> "File and Printer sharing" to IPX only. Not TCP/IP
>
> Also, all the PCs need to use the same Frame type (under advanced settings
> for IPX).
> They don't automagically find each other otherwise.
>
> You can also use NETBEUI, it's on the XP CD, however it's not supported by
> M$.
>
>
>
> "Shrek" <anonymous@matrix.com> wrote in message
> news:RmnVc.23077$Fg5.3874@attbi_s53...
> > Thank you for the prompt reply.
> >
> > No much luck with A). This is what I tried. I have Windows XP Pro.
> >
> > 1. Open Networks Connections Pannel.
> > 2. Right-click on Local Area Connection and choose properties.
> > 3. Install Microsoft IPX/SPX protocol.
> > 4. Then when to advanced settings on Network Connections menu.
> > 5. On the Adapters and Bindings tab selected Local Area Connection,
then
> > File and Print Sharing and unchecked TCP/IP (only NWLink IPX/SPX
> selected).
> > 6. Rebooted
> >
> > Still cannot map to shares when Contivity is on. Am I missing something.
> > Want to confirm before mocking up my laptop really good :-(
> >
> >
> > "Not-My-Real-Name" <someone@micros0ft.com> wrote in message
> > news:npmVc.1493$KF.11607@tor-nn1.netcom.ca...
> > > Your "Security Guy" at work has disabled "Split Tunneling" on his
> gateway
> > > (and rightly so).
> > >
> > > Which basically puts blinders on your PC so that it can ONLY "talk"
> > > to devices on the other side of the VPN, your local stuff is blocked.
> > >
> > > Work arounds.
> > >
> > > A) Use a secondary protocol on your network (like IPX or NETBEUI) for
> > > sharing.
> > > Bind file and printer sharing to just that protocol for your network
> (not
> > > TCP/IP).
> > > The Contivity software only works with TCP/IP, it can't and won't
filter
> > > other protocols.
> > >
> > > B) Put a second NIC in your home machine and don't "bind" the
Contivity
> > VPN
> > > client too it.
> > > I haven't tried this yet, it may be that you need to install the NIC
> after
> > > your Contivity software is installed.
> > > This may not even work.
> > >
> > > C) Ask your "Security Guy" to make an exception for your network.
> > >
> > >
> >
> >
>
>
Anonymous
August 20, 2004 7:22:26 PM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

"Shrek" <anonymous@matrix.com> wrote in message
news:RGoVc.23362$Fg5.8957@attbi_s53...
> Duh, of course.
>

OK, no problem, glad to be of assistance. Have a nice day.
August 21, 2004 12:12:21 AM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

I too am not sure the second NIC card would work as the contivity client
changes the routing table and any attempy to change after the contivity
client is started will drop the connection.


"Not-My-Real-Name" <someone@micros0ft.com> wrote in message
news:npmVc.1493$KF.11607@tor-nn1.netcom.ca...
> Your "Security Guy" at work has disabled "Split Tunneling" on his gateway
> (and rightly so).
>
> Which basically puts blinders on your PC so that it can ONLY "talk"
> to devices on the other side of the VPN, your local stuff is blocked.
>
> Work arounds.
>
> A) Use a secondary protocol on your network (like IPX or NETBEUI) for
> sharing.
> Bind file and printer sharing to just that protocol for your network (not
> TCP/IP).
> The Contivity software only works with TCP/IP, it can't and won't filter
> other protocols.
>
> B) Put a second NIC in your home machine and don't "bind" the Contivity
VPN
> client too it.
> I haven't tried this yet, it may be that you need to install the NIC after
> your Contivity software is installed.
> This may not even work.
>
> C) Ask your "Security Guy" to make an exception for your network.
>
>
August 21, 2004 8:40:26 PM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

Another good possibility is that Split Tunneling has been disabled.
With Split tunneling off, you can ONLY get data to the other end of the
VPN tunnel. All local networks are blocked. This settign is in the
Contivity concentrator, and is downloaded by the client at tunnel
initiliasation.

Mark
Sean Culhane wrote:
> I had the same problem ... home network behind a linksys router on a
> 192.168.1.x subnet, and when connected to employer via Contivity, my
> home network wasn't reachable.
>
> The cause was that my employer was also using the 192.168.1.x subnet.
> Solution: change my home subnet (via the main linksys admin page) to
> be in a non-conflicting range, such as 10.1.1.x
>
> Works like a charm.
>
> -- Sean.
>
> "Shrek" <anonymous@matrix.com> wrote in message news:<mdmVc.52721$TI1.17570@attbi_s52>...
>
>>Hi,
>>
>>I hope someone could help because my networking knowledge is not that great.
>>
>>I have a home network at home behind a Linksys router with IP addresses
>>starting from 192.168.1.100. I also use Contivity VPN Client to connect to
>>my employer's network using a smart card. The problem is that when the
>>Contivity VPN Client is connected I cannot access any of my home computers.
>>For example, I cannot map to shared drives neither by name nor by TCP/IP
>>address, neither I can browse web pages in any of my home web sites, e.g.
>>http://mypc/<mywebsite>/.
>>
>>My explanation is that the reason for this is that all home LAN requests are
>>re-routed through Contivity VPN Client. When I stop Contivity VPN Client
>>everything is OK. In Contivity VPN Client Name Server Options both DNS and
>>WINS properties are blank.
>>
>>Why is this happening and what I can do to connect to my LAN computers?
Anonymous
August 24, 2004 5:07:30 PM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

I was thinking that the 2nd card would installed and working in your home PC
BEFORE you started the VPN. You're correct that any
route add changes will cause the client to disconnect.

Anyhow the easiest workaround is the alternate protocol thing or ask
your security admin to make an exception for your network.


The Contivity driver/shim would need to be removed from
"MC" <mwclarke1@yahoo.com> wrote in message
news:maxVc.4454$%n4.2553@bignews6.bellsouth.net...
> I too am not sure the second NIC card would work as the contivity client
> changes the routing table and any attempy to change after the contivity
> client is started will drop the connection.
>
>
> "Not-My-Real-Name" <someone@micros0ft.com> wrote in message
> news:npmVc.1493$KF.11607@tor-nn1.netcom.ca...
> > Your "Security Guy" at work has disabled "Split Tunneling" on his
gateway
> > (and rightly so).
> >
> > Which basically puts blinders on your PC so that it can ONLY "talk"
> > to devices on the other side of the VPN, your local stuff is blocked.
> >
> > Work arounds.
> >
> > A) Use a secondary protocol on your network (like IPX or NETBEUI) for
> > sharing.
> > Bind file and printer sharing to just that protocol for your network
(not
> > TCP/IP).
> > The Contivity software only works with TCP/IP, it can't and won't filter
> > other protocols.
> >
> > B) Put a second NIC in your home machine and don't "bind" the Contivity
> VPN
> > client too it.
> > I haven't tried this yet, it may be that you need to install the NIC
after
> > your Contivity software is installed.
> > This may not even work.
> >
> > C) Ask your "Security Guy" to make an exception for your network.
> >
> >
>
>
August 25, 2004 5:11:36 AM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

Any way I can hack and change this setting on my machine?

"Mark" <user@127.0.0.1> wrote in message
news:4126edd2$0$27218$61ce578d@news.syd.swiftdsl.com.au...
> Another good possibility is that Split Tunneling has been disabled.
> With Split tunneling off, you can ONLY get data to the other end of the
> VPN tunnel. All local networks are blocked. This settign is in the
> Contivity concentrator, and is downloaded by the client at tunnel
> initiliasation.
>
> Mark
> Sean Culhane wrote:
> > I had the same problem ... home network behind a linksys router on a
> > 192.168.1.x subnet, and when connected to employer via Contivity, my
> > home network wasn't reachable.
> >
> > The cause was that my employer was also using the 192.168.1.x subnet.
> > Solution: change my home subnet (via the main linksys admin page) to
> > be in a non-conflicting range, such as 10.1.1.x
> >
> > Works like a charm.
> >
> > -- Sean.
> >
> > "Shrek" <anonymous@matrix.com> wrote in message
news:<mdmVc.52721$TI1.17570@attbi_s52>...
> >
> >>Hi,
> >>
> >>I hope someone could help because my networking knowledge is not that
great.
> >>
> >>I have a home network at home behind a Linksys router with IP addresses
> >>starting from 192.168.1.100. I also use Contivity VPN Client to connect
to
> >>my employer's network using a smart card. The problem is that when the
> >>Contivity VPN Client is connected I cannot access any of my home
computers.
> >>For example, I cannot map to shared drives neither by name nor by TCP/IP
> >>address, neither I can browse web pages in any of my home web sites,
e.g.
> >>http://mypc/<mywebsite>/.
> >>
> >>My explanation is that the reason for this is that all home LAN requests
are
> >>re-routed through Contivity VPN Client. When I stop Contivity VPN Client
> >>everything is OK. In Contivity VPN Client Name Server Options both DNS
and
> >>WINS properties are blank.
> >>
> >>Why is this happening and what I can do to connect to my LAN computers?
Anonymous
August 25, 2004 1:27:41 PM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

Not that I know if, it's controlled by the VPN gateway, not the client.

"Shrek" <anonymous@matrix.com> wrote in message
news:cHRWc.38854$9d6.25437@attbi_s54...
> Any way I can hack and change this setting on my machine?
>
August 27, 2004 1:39:16 AM

Archived from groups: comp.dcom.sys.nortel,comp.dcom.vpn (More info?)

No. This is a security type setting.

Mark

Shrek wrote:
> Any way I can hack and change this setting on my machine?
>
> "Mark" <user@127.0.0.1> wrote in message
> news:4126edd2$0$27218$61ce578d@news.syd.swiftdsl.com.au...
>
>>Another good possibility is that Split Tunneling has been disabled.
>>With Split tunneling off, you can ONLY get data to the other end of the
>>VPN tunnel. All local networks are blocked. This settign is in the
>>Contivity concentrator, and is downloaded by the client at tunnel
>>initiliasation.
>>
>>Mark
>>Sean Culhane wrote:
>>
>>>I had the same problem ... home network behind a linksys router on a
>>>192.168.1.x subnet, and when connected to employer via Contivity, my
>>>home network wasn't reachable.
>>>
>>>The cause was that my employer was also using the 192.168.1.x subnet.
>>>Solution: change my home subnet (via the main linksys admin page) to
>>>be in a non-conflicting range, such as 10.1.1.x
>>>
>>>Works like a charm.
>>>
>>>-- Sean.
>>>
>>>"Shrek" <anonymous@matrix.com> wrote in message
>
> news:<mdmVc.52721$TI1.17570@attbi_s52>...
>
>>>>Hi,
>>>>
>>>>I hope someone could help because my networking knowledge is not that
>
> great.
>
>>>>I have a home network at home behind a Linksys router with IP addresses
>>>>starting from 192.168.1.100. I also use Contivity VPN Client to connect
>
> to
>
>>>>my employer's network using a smart card. The problem is that when the
>>>>Contivity VPN Client is connected I cannot access any of my home
>
> computers.
>
>>>>For example, I cannot map to shared drives neither by name nor by TCP/IP
>>>>address, neither I can browse web pages in any of my home web sites,
>
> e.g.
>
>>>>http://mypc/<mywebsite>/.
>>>>
>>>>My explanation is that the reason for this is that all home LAN requests
>
> are
>
>>>>re-routed through Contivity VPN Client. When I stop Contivity VPN Client
>>>>everything is OK. In Contivity VPN Client Name Server Options both DNS
>
> and
>
>>>>WINS properties are blank.
>>>>
>>>>Why is this happening and what I can do to connect to my LAN computers?
>
>
>
!