I've recently moved to a new jobsite and once management learned I had some computer experience, I was tapped to resolve some client issues on the remote site. They are using Cisco's VPN client (V 5.0.03.0530) to connect to corporate to access Oracle among other things, but once connected to the VPN they are struggling with some limitations due to the fact that split tunneling is not enabled for security reasons (or so I'm told). The company "IT guy" is not very helpful, so I am reaching out to anyone who could offer some advice.
The hardware architecture is laid out as follows: A Clear Communications wireless receiver is the internet connection which has a Belkin wireless router plugged into it. The only devices connected directly to the Belkin router are a laptop and a Canon ImageRunner C3380. The laptop also has a USB cable connected to the Canon copier. All PCs in the site trailer are on the wireless network created by the Belkin router and utilize the built-in wireless on the laptops or a wireless dongle for the desktop PCs.
After some research I deduced that the laptop that is plugged into the Belkin router as well as connected via USB to the Canon copier serves as a pseudo print server because of the VPN split tunneling being disabled. For scanning purposes they have installed Canon's Color Network Scangear on the laptop that is hardwired via USB to the copier. If scanning is needed, the VPN connection on the laptop needs to be disconnected and once this is done everyone in the office loses the ability to print to the copier.
In a perfect world, all the PCs would be connected to the copier via USB, thus removing the VPN completely from the picture. My questions are: Is this the optimum setup? Are there other hardware options I should be looking into? Because of slow connectivity (large files being sent to the copier for printing) I've been asked if going to a traditional wired network rather than wireless would be more effective. What challenges would I face in dealing with this VPN if I dropped a Cisco 24 port switch into the mix and ran CAT5 cable to all PCs? If I did install the switch, is there a way to configure all machines with a dual NIC setup to where the NIC using the CAT 5 cable would ignore the VPN connection or does a VPN connection without split tunneling enabled basically draw ALL network traffic? I suspect that's why the VPN has to be disconnected on the laptop in order to scan docs on the copier because the software (Network Scangear) only sees the printer via IP address (no other option in the software configuration) rather than the USB port.
Thank you for any and all help, hints, tips or fixes!
As you guess, when not using split tunneling, all traffic from the VPN client PC will go over the tunnel.
Some companies do not allow split tunneling in their security policy, because someone could connect to the computer from the outside (via a trojan or similar) and then get access to the corporate office that way.
Putting in a switch will not help with the VPN client not using split tunneling (having to turn the VPN off for other users to print).
But a traditional wired network could possibly help with performance issues on wireless.
But you might want to try and change the AP's channel before investing any money.
It could be that there is some interference, that might not be there on another channel.
The useful channels for wireless are 1, 6 and 11.
The performance of wireless also depends on the number of users, and also what type of wireless: 802.11b, 802.11g, 802.11a, 802.11n.
The 802.11b is an old standard only supporting 11 Mbits half duplex. And I would say it's not really suited for multiple users in today's computer environments. Also, even if you have a somewhat newer 802.11g access point, it will default back to 802.11b if a user with that type of wireless NIC connects to the WLAN.
Is there only 1 client that needs to access the corporate network via VPN?
If there are a number of users that connect via VPN client, there might be room for making a case for implementing a site-2-site VPN.
This would move the VPN out to the router and leave the clients free to use the local LAN.
If that's not an option, you might want to look into a printer/copier that has a LAN connection.