
Connecting two NICs in one computer to one DSL modem.

rhall99SS

Junior Member
Here is the problem; the operating system is XP. My brother is a stock broker and he has a VPN connection to a server at another firm. He needs both his VPN and his Internet Explorer to run at the same time so he can see current stock prices while he's on the VPN. Every time he connects to the VPN the IE connection fails, so he can no longer surf the net while the VPN is connected. So I set up a second NIC in the computer, put the DSL modem on the uplink of a hub, and connected the NICs to the hub. My question is how do I make a connection through the new NIC? Every time I make a new connection it is added to the old card and not the new one... any help would be great.
 
The VPN cutting off access to the net is a security precaution. He should talk to the Administrators of the network before modifying this setup.
 
I know that the reason the IE is disconnecting is a security precaution from the VPN server, but if I have another network card it should give a second IP address for connection to IE and not the VPN... right?
 


<< I know that the reason the IE is disconnecting is a security precaution from the VPN server, but if I have another network card it should give a second IP address for connection to IE and not the VPN... right? >>



But how will you tell some processes to use the one card and other processes to use the other card? I may know a way to mess with routing in UNIX-like systems, but I'm not sure it's possible in Windows. He should definitely talk to the administrators and get their feelings on this, especially since he may be opening security holes in their network.
 
I see... so it may not be possible through a Windows environment. The deal is he has talked to the admin on the VPN server side. They have software that allows clients to access their server, but it doesn't work with XP, so they rigged up a VPN connection for my brother. He called their admin again and they weren't much help with solutions.
Thanks for answering my post so quickly. The other tech forum sites took days to hear one answer. So far Anandtech.com is a great place for info.
 
I don't see why it's not possible.
Yes, enabling internet access while on a company VPN is cause for termination at some businesses, but if his employer approves because internet access is necessary for his position, then they should provide support to set up this feature.

I assume he is using an IP Security Policy (in conjunction with IPSec) from his XP PC and not PPTP, but you would need to check with him and his tech support.
I assume he is not using a DSL/cable modem VPN ROUTER, but just a standard DSL/cable modem and/or router. If he uses a VPN Router, then consult the VPN Router manual for instructions or contact the equipment manufacturer on how to enable simultaneous Internet and VPN traffic.

I think if he has multiple static IPs (at least two) from his ISP, this is the best way to produce your resolution using two NICs, especially if the IP addresses are in separate networks (not close to each other in numbering). Then while PPTP or IPSec Policy uses one IP address on one NIC for the VPN, the other static IP is used for the other NIC. Then set up a separate DNS address (of the ISP) on the second NIC with appropriate netmask (separate the second NIC network from the VPN NIC network by netmask) and enable packet filtering on the NIC for specific internet traffic so that only certain internet TCP/UDP packets are Permitted or allowed to pass through the NIC (like ports 80, 8080, 8008, 443 for browsing web pages; use the Permit Only option). Whenever a port filter is added, the Enable TCP/IP filtering (All Adapters) button is automatically enabled on both adapters. This will help ensure greater safety to his company.
He could similarly filter packets on the NIC used for VPN access by adding the following filters as Permit Only: TCP 1723 and IP 47 for PPTP; and/or TCP 1701 and UDP 500 for IPSec. This will permit only VPN traffic through this NIC, but doesn't preclude the possibility of routing packets destined for the Internet through the VPN since there is probably a router on the company side in addition to a default DNS server for the VPN.

Then you should update the ROUTE /? table for metrics and networks, which can also be done through each NIC (Local Area Connection #) icon, select the Internet Protocol TCP/IP and the Advanced option. Set a higher metric (by 1) on the VPN side.

What do you all think, would this work or not while ensuring some security and packet filtering?
 
Taking the security considerations out of the picture for a sec...

Often times you can disable the routing through the VPN settings. In my 2k box here, if you check the properties of the vpn connection, go to the protocols and do advanced on the TCP/IP and there will be an option to use default gateway on remote network. What this should do is split the traffic between the two depending on destination. Don't ask me for the technicals, but I believe that's the box that does it.

I have seen a couple setups where this is the preferred method for what you are asking for, but of course ask your admins first. If this setup isn't acceptable to their security policy, then you're SOL.

There is really no good reason for, or good (easy) way to go about, the 2 NIC method.
 
The previous post I wrote was primarily for a standard DSL/cable modem router, not a VPN router.

I think Fubar's example might possibly work for your brother, but you should try it and see how it works. It's possible it may not work.
I think the default gateway of the NIC which connects via VPN should be the remote IP address (WAN address) of the VPN server of your brother's company, since the tunnel is XP PC NIC to VPN server. (If your brother's employer has internet access, he should still be able to access the web via his VPN. This is inefficient though since all internet/web traffic is then routed through the VPN and company connections. If they use a Proxy server and/or firewall, he would need to get with them to find out how to access the internet through the company routers, etc.)

----
I have no idea if the two NIC concept will work. But I think it's great to try new things that could significantly improve working conditions/environments, so if I had the same problems, I would try it! The primary benefit of the two NIC method, if successful, would be faster internet access (not encrypted). The major detriment is that this opens potential holes to the employer's network through his router or 2 NIC setup (depending on method). He should use packet filtering to decrease the potential security holes that his dual NIC or 'opened' router would introduce while accessing the employer's resources via VPN.

To try the two NIC method, this is what I would do:
1>>Install the second NIC.
2>>If a DHCP server is used on the DSL/cable modem router, then I would disable the DHCP server and set static IP addresses for the local devices (IP hosts like his PC NICs). Try to separate both NIC IP addresses into separate networks.
For example 192.168.1.10 is on one network if the netmask is 255.255.255.0 while 192.168.2.10 is on another network. (If his original NIC was using a dynamic, private IP address via the DHCP server like the two listed above and he changes the IP addresses to static IPs, he may need to change the address settings on the VPN server at his company to whatever corresponds on his PC for future VPN access.)
3>>Set the second NIC to use the DSL/cable modem router local address as the gateway (the side connected to your LAN, not the side connected as the WAN port to the ISP). This address might be something like 192.168.0.1.
4>>Set the DNS servers on the second NIC to be the ISP DNS servers. Make sure 'Use Default Gateway for remote network' is selected on the second NIC (you can also try it deselected to prevent changes to the routing/metric table). Internet access should now be available through the second NIC (if not originally available/routed through the original NIC used on the VPN.)
5>>On the NIC for VPN access, de-select the option to "Use the default gateway for remote network", but on the NIC for internet access, ensure option to "Use the default gateway for remote network" is enabled.
6>>Packet filter each NIC if possible. The PPTP protocols are TCP 1723 and IP 47 and should be set to permit only on the NIC for VPN access. TCP/UDP 80, 8080, 8008, 443 would be the protocols to permit on the second NIC if he only needs to browse the web. This would ensure the greatest security for your brother's employer without using a firewall.
7>>Ensure IE uses the LAN to access the Internet, not another dial-up connection or any VPN connection in the Network and Dial-up connections (also viewable under IE connections).

---

You may still have to adjust metrics, since whenever the VPN connects while the "Use Default Gateway on remote network" is enabled, it should automatically set the VPN route to the lowest metric. With the "Use default gateway on remote network" option disabled, the metric table should not be updated, but I'm not sure. I haven't tested this, sorry. But I would also ensure that both NICs have the same metric (without Default Gateway enabled on both as a last attempt.)

---

I still have no idea if the dual NIC method will work.
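
The effect of the "Use default gateway on remote network" option and the metrics discussed in this thread, as an added example that is not part of any post: a simplified Python model of route selection (longest prefix first, then lowest metric) that lists which destinations leave the machine outside the VPN tunnel. Apart from 192.168.0.1, every address, the company network, the metric values and the function names are constructed assumptions.

```python
import ipaddress

LAN_GW = "192.168.0.1"        # router LAN address, as in the example in the thread
VPN_SERVER = "203.0.113.10"   # constructed public address of the VPN server
COMPANY_NET = "10.20.0.0/16"  # constructed network reachable through the tunnel

def route(net, gw, iface, metric):
    return {"net": ipaddress.ip_network(net), "gw": gw, "iface": iface, "metric": metric}

def build_table(use_remote_default_gw):
    """Simplified routing table of the client once the VPN is connected."""
    table = [
        route("0.0.0.0/0", LAN_GW, "lan", 20),         # normal internet default route
        route("192.168.0.0/24", "on-link", "lan", 20),
        route(VPN_SERVER + "/32", LAN_GW, "lan", 20),  # the tunnel itself rides the LAN
    ]
    if use_remote_default_gw:
        # Option checked: a second default route with a lower metric takes over.
        table.append(route("0.0.0.0/0", "vpn-peer", "vpn", 1))
    else:
        # Option unchecked (assumed model): only the company network goes via the VPN.
        table.append(route(COMPANY_NET, "vpn-peer", "vpn", 1))
    return table

def pick_route(table, dest):
    """Longest prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def egress(table, dest):
    r = pick_route(table, dest)
    return r["iface"] if r else None

def outside_tunnel(table, dests):
    """Destinations whose traffic would not be carried inside the VPN."""
    return [d for d in dests if egress(table, d) != "vpn"]

# Constructed destinations: a public web server, a company host, the VPN server.
SAMPLE = ["198.51.100.25", "10.20.5.5", VPN_SERVER]

if __name__ == "__main__":
    for checked in (True, False):
        table = build_table(checked)
        print("use default gateway on remote network =", checked)
        for d in SAMPLE:
            print("   %-15s -> %s" % (d, egress(table, d)))
```

With the option checked, only the tunnel's own carrier traffic stays on the LAN; with it unchecked, web traffic bypasses the tunnel, which is the condition the VPN administrators would need to approve and the packet filters in the thread are meant to constrain.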
 