On Fri, 2004-07-23 at 17:07, Christopher J. Bottaro wrote:
> my system admin says split tunneling should be enabled. now i've been
> searching for near half an hour on how to enable split tunneling and split
> dns on the cisco linux vpn client. any ideas?
>
> thanks.

I have not used the cisco software so I don't know how to set it up there.
In the Checkpoint secure remote I believe options of that type including
the DNS server IP etc were actually transferred to the client from the
firewall that accepted the VPN connections. By doing it that way the admin
can ensure their policy is being used. In this case it could be a security
breach if your company's policy said no split tunneling was permitted and
each user could just toggle an option on their laptop.

If it is enabled check your routing table (netstat -rn) and your
resolv.conf file to see which DNS entries you are pointing to. I would
expect you to have a new route in your routing table pointing to your
company's intranet.

It has been a while but I think secureremote wedged itself in the TCP stack
such that it could intercept packets and redirect them based on its policy,
encrypting them as it goes. If the policy permits split tunneling it would
direct only packets going to the security domain through the VPN tunnel to
your intranet. All other packets would be passed on the TCP stack to be
handled as they normally would.

Now Cisco could be doing this completely differently but I think all this
stuff has to work in a similar fashion even if the details are a little
different.

You may want to quiz the network admin some more. Sorry I can't be of more
help.

-- 
Scot L. Harris
webid@xxxxxxxxxx

COBOL: An exercise in Artificial Inelegance.
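
The check suggested in the message above (routing table plus resolv.conf), written out as an added example that is not part of the original post or of any VPN client: it applies longest-prefix matching to `netstat -rn` output to report whether the default route and each configured nameserver go through the tunnel. The interface name tun0, the addresses and corp.example are constructed for illustration.

```python
import ipaddress

# Constructed sample of Linux `netstat -rn` output; tun0 is a hypothetical tunnel interface.
ROUTES = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.20.0.0       0.0.0.0         255.255.0.0     U         0 0          0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
"""
# Constructed sample resolv.conf.
RESOLV = "search corp.example\nnameserver 10.20.0.53\nnameserver 192.168.1.1\n"

def parse_routes(text):
    """Return [(network, iface)] for every IPv4 row; header lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        except (IndexError, ValueError):
            continue
        routes.append((net, f[-1]))
    return routes

def iface_for(addr, routes):
    """Longest-prefix match: the interface the kernel would pick for addr."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(hits)[1] if hits else None

def audit(routes_text, resolv_text, tunnel):
    routes = parse_routes(routes_text)
    via_tunnel = [str(net) for net, dev in routes if dev == tunnel]
    # 198.51.100.1 (TEST-NET-2) stands in for "any Internet destination".
    if not via_tunnel:
        mode = "no-tunnel"
    elif iface_for("198.51.100.1", routes) == tunnel:
        mode = "full-tunnel"
    else:
        mode = "split-tunnel"
    servers = [f[1] for f in map(str.split, resolv_text.splitlines())
               if len(f) >= 2 and f[0] == "nameserver"]
    outside = [s for s in servers if iface_for(s, routes) != tunnel]
    return {"mode": mode, "tunnel_routes": via_tunnel, "dns_outside_tunnel": outside}

if __name__ == "__main__":
    print(audit(ROUTES, RESOLV, "tun0"))
```

A nameserver listed under dns_outside_tunnel is reached over the local network rather than the VPN, so lookups sent to it do not pass through the tunnel.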