Ask The Networking Expert: Questions & Answers

Can you have two VPN connections to the same machine simultaneously?

EXPERT RESPONSE FROM: Lisa Phifer

QUESTION POSED ON: 03 March 2005
Can you have two VPN connections to the same machine simultaneously? I have one machine that ties into a VPN Concentrator. If I added a second NIC card, could I log in remotely to that same machine via remote software when it is connected to the VPN Concentrator? I use Cisco VPN Client software version 4.1.

EXPERT RESPONSE
First, it's generally not possible to run two different VPN Client programs on the same host simultaneously. Conceptually this is possible, but in practice, different vendors' VPN Clients tend to step on each other.

But it's often possible to configure a single VPN Client with a policy that permits more than one destination to be reached. This is known as split-tunneling. For example, the VPN policy might say all traffic sent to 192.168.0.0/24 goes over LAN #1 in the clear (no VPN), and all other traffic goes over the VPN tunnel to Concentrator XYZ. Or it could say all traffic sent to 192.168.0.0/24 goes to Concentrator XYZ, and all traffic sent to 10.0.0.0/24 goes to Concentrator ABC.

To accomplish this, you'll face two challenges: one technical, one political.

The technical challenge is whether you can come up with a VPN Client policy definition that reflects what you want to do. Are the IP addresses of the two private destinations you want to use non-overlapping and static? For example, if the remote host that connects to your machine has a dynamic address, configuring a policy could be tough.

The political challenge is whether whoever owns the VPN Concentrator will let you configure a VPN Client policy with split-tunneling. Split-tunneling is a security no-no for this very reason -- the configuration you want opens a back-door because (theoretically) traffic originating in network #1 could enter through tunnel A, route through your machine, then ride tunnel B into network #2. You could prevent this host routing through careful machine and VPN policy configuration, but the fact remains that some will consider this too risky.

One last point: I'm unclear about how you want to connect from a remote host to your machine. Your machine now runs a VPN Client to reach a VPN Concentrator. Your machine could use the same VPN Client to reach another VPN Concentrator, but that wouldn't let a remote host initiate an incoming connection to your machine. Or you could use a different client/server protocol to accept incoming connections to your machine -- for example, remote desktop access or a telnet server. In that case, you'll only have one VPN tunnel, not two. However, your VPN Client policy will still need to "have a hole" to exclude the client/server protocol from VPN tunneling.
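The checks described in this answer, as an added example that is not part of the original response and is not Cisco VPN Client configuration: a small Python model of a split-tunnel policy that finds overlapping prefixes, shows which path a destination takes, and lists the tunnel pairs the host could bridge if it forwards packets. The policy combines the answer's two examples; the path labels, the 203.0.113.10 peer address and the `ip_forwarding` flag are assumptions made for illustration.

```python
import ipaddress

# Constructed policy: the prefixes and concentrator names come from the answer,
# the 203.0.113.10 "hole" for an incoming remote-access peer is a made-up address.
POLICY = [
    ("10.0.0.0/24", "tunnel:ABC"),
    ("203.0.113.10/32", "clear"),      # excluded from tunneling
    ("0.0.0.0/0", "tunnel:XYZ"),       # everything else rides the VPN
]

def parse(policy):
    return [(ipaddress.ip_network(prefix), path) for prefix, path in policy]

def overlaps(policy):
    """Pairs of non-default prefixes that overlap but map to different paths."""
    rules = [(net, path) for net, path in parse(policy) if net.prefixlen > 0]
    return [(str(a), str(b))
            for i, (a, path_a) in enumerate(rules)
            for b, path_b in rules[i + 1:]
            if a.overlaps(b) and path_a != path_b]

def path_for(policy, dst):
    """Longest-prefix match: the path a packet to dst would take."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, path) for net, path in parse(policy) if addr in net]
    if not matches:
        return "drop"
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def transit_risk(policy, ip_forwarding):
    """Ordered tunnel pairs the host could route between if it forwards packets."""
    if not ip_forwarding:
        return []
    tunnels = sorted({path for _, path in parse(policy) if path.startswith("tunnel:")})
    return [(a, b) for a in tunnels for b in tunnels if a != b]

if __name__ == "__main__":
    print("overlaps:", overlaps(POLICY))
    for dst in ("10.0.0.9", "203.0.113.10", "192.168.0.7"):
        print(dst, "->", path_for(POLICY, dst))
    print("bridgeable with forwarding on:", transit_risk(POLICY, True))
```
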

