: David Rothman <[EMAIL PROTECTED]>
: on my home lan i can use vpn to go from my main machine (win 2000 pro)
: to a win98 machine. on that win98 i can run cisco vpn 2000 client
: window to attach to a corporate vpn. i'd like to access the vpn
: remotely by attaching to the win 98 machine via vnc and then run the
: cisco client. problem is that after i attach via vnc and then run the
: cisco client, i then enter a password and the connection via VNC goes dead.
Because the win98 box has (virtually) submerged behind the corporate firewall.
That's the whole point of VPN: once it's running, the machine it is
running on is made to appear as if it were inside the corporate firewall.
If it allowed external IP connections to persist, it wouldn't be
inside the firewall, by definition. It would be a method of
breaching the firewall and breaking security.
Or look at it this way. When running under VPN, your machine is
assigned a new IP which is routed-to from inside the firewall.
The tcp connection that vnc established was to the old IP, and
is routed-to from outside the firewall. It *shouldn't* persist;
the VPN isn't doing its job if it does.
( There is a thing called (IIRC) "split IP tunneling" which
does pretty much what you want; it allows the VPNed machine
to use connections via both of its IPs. It's hard to get right,
and often, it is disallowed by policy. )
: are there any workarounds i can try?
Assuming you can get the administrator of the VPN server to agree,
perhaps he will allow you to use split IP tunneling. If not...
Next simplest would be if you could just use the vpn client from your laptop.
Otherwise, if you really need the win98 machine to be the one actually
interacting, next simplest would be to initiate the VPN on the win98
machine (which will terminate your VNC session), then get in through the
firewall by running another copy of the VPN client on your laptop (or by
ssh, if you can't use VNC on the laptop), and re-establish your
connection via the new IP, using a secured pathway through the firewall.
Good thing that VNC sessions are robust against interruptions...
If that isn't feasible, perhaps you can run the viewer in listen mode,
and arrange (after a suitable timeout) for the server to contact your
laptop to re-establish contact; again, depending on the fact that a VNC
session is interruptible.
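
An added example, not part of the original message: a simplified longest-prefix routing model of why the established VNC session dies under a full tunnel and survives under split tunneling, and why the split configuration is the one policy tends to forbid. All addresses, route tables and function names are constructed for illustration, and the model assumes the viewer is outside both the home LAN and the corporate network.

```python
import ipaddress

# Constructed sample addresses (private / documentation ranges).
VIEWER = "198.51.100.20"     # remote machine running the VNC viewer
CORP_HOST = "10.20.0.5"      # a host behind the corporate firewall
VPN_GATEWAY = "203.0.113.1"  # corporate VPN endpoint

# (destination network, egress interface) as seen on the VPN client machine.
BEFORE_VPN = [("192.168.1.0/24", "lan"), ("0.0.0.0/0", "lan")]
# Full tunnel: everything except the tunnel's own carrier goes to corporate.
FULL_TUNNEL = [("192.168.1.0/24", "lan"), ("203.0.113.1/32", "lan"),
               ("0.0.0.0/0", "tunnel")]
# Split tunnel: only corporate prefixes go into the tunnel.
SPLIT_TUNNEL = [("192.168.1.0/24", "lan"), ("203.0.113.1/32", "lan"),
                ("10.0.0.0/8", "tunnel"), ("0.0.0.0/0", "lan")]


def egress(routes, dst):
    """Interface chosen for dst by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), ifc) for net, ifc in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def vnc_session_survives(routes, viewer=VIEWER):
    """The old TCP session lives only if replies still leave via the LAN."""
    return egress(routes, viewer) == "lan"


def bridges_networks(routes, viewer=VIEWER, corp=CORP_HOST):
    """True when one host talks to the outside and to corporate at once."""
    return egress(routes, viewer) == "lan" and egress(routes, corp) == "tunnel"


def report():
    """Summarise each configuration as (session survives, bridges networks)."""
    tables = {"before": BEFORE_VPN, "full": FULL_TUNNEL, "split": SPLIT_TUNNEL}
    return {name: (vnc_session_survives(r), bridges_networks(r))
            for name, r in tables.items()}


if __name__ == "__main__":
    for name, (alive, bridge) in report().items():
        print(f"{name:6} vnc_survives={alive} bridges_networks={bridge}")
```

The split-tunnel row is the only one where the session survives, and it is also the only one where the machine is reachable from outside while holding a route into the corporate network.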