[vpn-help] newbie

Matthew Grooms mgrooms at shrew.net
Fri Dec 3 17:13:49 CST 2010


On 12/2/2010 3:15 PM, Atif Jung wrote:
> This piece of software was a Godsend so thank you to all who developed
> it. I struggled for most of today trying to get CISCO VPN client running
> on my Windows 7 machine and every time I ran it, it would disconnect me
> from the internet. It was only after trawling through a Google search
> did I see this piece of software mentioned as a possible fix, and I’m
> glad to say it did the trick.
>
> I have one question, and that is when I’m connected to Shrew my local
> machine internet access is disabled, although I can still remote desktop
> to my server. Is there any way to continue to have internet access on my
> local machine?
>

Hi Atif,

The answer is maybe, but not easily. With Cisco VPN gateways, the 
administrator has the ability to push a network topology to the VPN 
client. Some admins choose not to do this, which means the client has no 
way of knowing what networks exist on the distant end of the tunnel. In 
other words, it's forced to send everything via the tunnel which may or 
may not cause problems for internet browsing. You could try to set up a 
static configuration of manual include topology entries under the policy 
tab of the site configuration.

A word of warning, what you are trying to do is referred to as split 
tunneling. It means your machine has access to remote network resources 
via the tunnel but is still exposed to the internet. If your machine is 
compromised, it can act as a springboard for a 3rd party to gain access 
to the same remote resources via your tunnel. Preventing a split tunnel 
by not providing the topology information may be a decision on the part 
of your network administrator to mitigate such an attack. By manually 
adding a remote topology to enable split tunneling, you could possibly 
be subverting this security measure.

So in closing, the Shrew Soft client is highly configurable. It has to 
be to inter-operate with so many different gateway platforms. But 
please, use it responsibly. When in doubt, ask your network admin for 
help when configuring the client to ensure it adheres to the required 
security guidelines.

-Matthew
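
The following is an added illustration, not part of the original message and not Shrew Soft code. It models the routing decision the reply describes: with no topology the tunnel takes the default route, while include entries send only the listed networks through it. The interface labels `lan` and `vpn`, the prefixes and the metrics are constructed sample values.

```python
import ipaddress

# Constructed route tables: (destination prefix, interface label, metric).
FULL_TUNNEL = [
    ("0.0.0.0/0", "lan", 25),
    ("0.0.0.0/0", "vpn", 1),        # no topology known: default route via tunnel
    ("192.168.1.0/24", "lan", 25),  # directly attached local subnet
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "lan", 25),       # internet traffic stays on the local link
    ("10.20.0.0/16", "vpn", 1),     # one include topology entry (hypothetical)
    ("192.168.1.0/24", "lan", 25),
]

def pick_route(routes, dest):
    """Interface used for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            candidates.append((-net.prefixlen, metric, iface))
    return min(candidates)[2] if candidates else None

def tunnel_mode(routes, tunnel_iface="vpn"):
    """Classify a route table as 'full', 'split' or 'none'."""
    if not any(iface == tunnel_iface for _, iface, _ in routes):
        return "none"
    defaults = [(metric, iface) for prefix, iface, metric in routes
                if ipaddress.ip_network(prefix).prefixlen == 0]
    # Full tunnel: the preferred default route points at the tunnel.
    if defaults and min(defaults)[1] == tunnel_iface:
        return "full"
    # Otherwise only specific prefixes use the tunnel while the host
    # remains directly reachable from the internet: a split tunnel.
    return "split"

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, tunnel_mode(table),
              pick_route(table, "198.51.100.7"),  # documentation address
              pick_route(table, "10.20.3.4"))
```

An administrator auditing clients can apply the same classification to a real route table to spot machines that have been moved to a split tunnel.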


