User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » Cisco VPN w/ VM help! Page [1]  
neodata686
All American
11577 Posts
user info
edit post

So I work at a client site and we are given a Cisco VPN to use to access the internal network. This runs on our company laptops. The VPN creates a single tunnel so we don't have any outside network access so my solution was running the VPN in a VM for the internal network and outside the VM for everything else (company software, email, TWW).

I'd ideally like to just have a VM running on a remote computer and just remote into that VM which runs the VPN instead of having to run the VM on my laptop (internet is fast enough, save memory, resources etc). Obviously when the VPN is running I can't remote into the actual VM. My solution is remoting into the host machine and maximizing the VM. I don't really want to do this as it ties up the host machine.

This is mostly beyond my networking knowledge. I've tried a multitude of things but how would I open up just that one port on the network adapter (not the Cisco adapter) to remote into the VM? I don't know if this is even possible.

Any suggestions? Or some direction?

2/1/2013 12:20:58 PM

Grandmaster
All American
10829 Posts
user info
edit post

Where is the VM located?

2/1/2013 12:56:19 PM

neodata686
All American
11577 Posts
user info
edit post

My living room.

2/1/2013 12:59:47 PM

neodata686
All American
11577 Posts
user info
edit post

Going to try virtualboxes remote display feature.

2/1/2013 1:54:08 PM

llama
All American
841 Posts
user info
edit post

I'm really confused as to how you have no internet access when connected to the VPN. Just set the vpn connection so that only traffic bound for that network goes over that device. Are you sure you don't have connectivity and it's not just a DNS issue?

2/1/2013 10:29:24 PM

neodata686
All American
11577 Posts
user info
edit post

It's a single tunnel VPN. It specifically cuts all traffic to all interfaces. That's the whole point of it. Maybe there's a way around but from what I'm read you can't really get around it.

2/1/2013 10:42:03 PM

smoothcrim
Universal Magnetic!
18968 Posts
user info
edit post

try setting the VPN's NIC to a metric of 100 and your LAN to 10

2/2/2013 1:07:22 AM

BobbyDigital
Thots and Prayers
41777 Posts
user info
edit post

Enable ipv6 and remote into it via ipv6, VPN tunnel shouldn't affect it

2/2/2013 1:28:48 AM

neodata686
All American
11577 Posts
user info
edit post

^interesting. Although I got virtual box working. It's built in remote display feature which is essentially hardware remote desktop let's me remote in using RDP while the vpn is connected. Pretty cool.

^^no as I said the vpn disables all interfaces. Doesn't matter the priority of them it still cuts all traffic.

2/2/2013 9:48:36 AM

BobbyDigital
Thots and Prayers
41777 Posts
user info
edit post

nice, glad to hear you got it working.

years ago i had a similar problem, but it was that when i was VPN'd into work, I couldn't print to my local network printers. The printer i had at the time supported appletalk, and I had read something about being able to use this as a workaround, since ipsec only cared about ipv4, and I was able to use appletalk as a workaround to print.

now i just have hardware VPN so it's not really a problem.

2/2/2013 10:21:15 AM

Perlith
All American
7620 Posts
user info
edit post

Quote :
" My solution is remoting into the host machine and maximizing the VM. I don't really want to do this as it ties up the host machine. "


I've done this for work machines not due to your specific situation, but because I don't want a 10+ hour operation to quit on me in middle because my network connection at home drops. I'm a bit confused how it ties up the host machine though, the VM needs ... 1GB of memory and the host machine has 4GB (guessing here)? Otherwise, RDP/VNC/most remote protocols allow you to specify the size of the screen when remoting in. And if using console access, most host machine VM software *should* allow you to dynamically resize the guest OS screen. The IPv6 suggestion was good, but, might need an alternative in future if IPv6 isn't available.



Quote :
"Enable ipv6 and remote into it via ipv6"


Ouch, that kinda defeats the definition of single tunnel. Wonder how many folks are aware of this for newly provisioned machines that install both v4 and v6. "It's a feature!". Nice suggestion though.

2/2/2013 10:32:31 AM

Master_Yoda
All American
3626 Posts
user info
edit post

I like the ipv6 idea On the bit of a workaround if ipv6 isnt available, I find that highly unlikely since everyone is moving to it. You normally now dont turn it off once its working. Might need a workaround for IPv4 in the near future though

You should be able to copy the cisco config files and install a copy. That or maybe ask your IT department to do so (always make friends with IT, might require brownies or other treats).

Just dont be running VPN on both boxes at once without permission. That will get alerted on and may get you in serious trouble.

[Edited on February 2, 2013 at 1:46 PM. Reason : ..]

2/2/2013 1:44:31 PM

neodata686
All American
11577 Posts
user info
edit post

Quote :
"I'm a bit confused how it ties up the host machine though, the VM needs ... 1GB of memory and the host machine has 4GB (guessing here)? Otherwise, RDP/VNC/most remote protocols allow you to specify the size of the screen when remoting in. And if using console access, most host machine VM software *should* allow you to dynamically resize the guest OS screen."


Eh gave the VM 2 and the host has 16. I think you're missing what i'm trying to accomplish though. The VPN completely ties up all interfaces and ports so I can't even remote into the VM naively (via a port from the host terminal or GUI) so VirtualBox allowed me to "hardware remote" using it's remote display feature which is compatible with RDP. This completely bypasses the host (VirtualBox runs in "headless" mode and just sits int he background in windows.

Prior to this I was actually remoting into the host server (the actual desktop) and loading the VM and just maximizing the window. That's what I meant by tieing up the host. This wasn't efficient.

^Eh the VPN is from our client not our actual IT. It's just a PITA to get any support from the client we just do what we do. I mean hell we've been using aircards on the client site because we haven't been able to get guest/vendor WIFI until just recently on a normal basis (which blocks the vendor VPN coincidentally). It's funny they give consultants/vendors guest wifi but then block the vendor VPN they provide to access their internal sites on non-branded laptops.

2/2/2013 3:27:17 PM

BobbyDigital
Thots and Prayers
41777 Posts
user info
edit post

Quote :
"Ouch, that kinda defeats the definition of single tunnel."


oh most definitely-- it bypasses the intended security purposes, so from the perspective of infosec, bad idea, from the standpoint of user flexibility--- usable workaround

2/4/2013 11:23:36 AM

 Message Boards » Tech Talk » Cisco VPN w/ VM help! Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.