From: mike-newsgroup@-DELETETHISPART-.upcraft.com   
      
   StandardGreen wrote:   
   > When I'm VPN'd into my organization's network, is every bit of traffic   
   > that goes down my TCP/IP stack funneled through the tunnel (rhyme   
   > unintended) and into my org's network? Here's why I ask this:   
   >   
   > It was my understanding that any traffic that my machine generated was   
   > pumped through the tunnel because, in spite of my home machine being   
   > physically far from our LAN, the VPN by design made my computer   
   > interact with the work LAN as if it was plugged into the   
   > organization's cable plant.   
   >   
   > Predictably, while I was on the VPN anything that was blocked by my   
   > org's filtering system was blocked on my home machine because, for all   
   > intents and purposes, I was on my work LAN. Furthermore, showip.net   
   > revealed my home PC as having the external IP of my workplace's ISA   
   > server; whoising my nickname on IRC revealed my organizations address,   
   > etc.. For this reason, as well as what little I've learned about the   
   > guts of VPNs, I was under the impression that every '1' and '0' that   
   > came from my network card went through my org's network just as if I   
   > was plugged into the physical network. I didn't think that there was   
   > any discrimination as to which traffic, or protocol, or port numbers   
   > would go on the VPN or stay on my home network (except for traffic   
   > specifically pointed towards my home network IP range of   
   > 192.168.1.0/24 rather than my work range of 10.0.0.0/16).   
   >   
   > Lately I noticed that sites are no longer blocked while I'm on the   
   > VPN, but they are blocked for every non VPN user inside my workplace.   
   > I brought it up to one of my fellow IT workers who was surprised to   
   > hear it. However, another IT person disputed my understanding that all   
   > traffic generated on a VPN client went through the tunnel and onto the   
   > corporate LAN. He said that port 80 traffic didn't go through the VPN   
   > (which baffled me because of showIP.com telling that I had my org's   
   > external address instead of my home's external IP). Puzzled, I've been   
   > looking for answers.   
   >   
   > Anyone care to help me in my understanding of VPNs? Could someone   
   > share some good resources on VPNs and their behavior? Some 30,000 foot   
   > material would be good to start with (not quite "for Dummies" but not   
   > Cisco Press either).   
   >   
   >   
   > Thanks,   
   > StandardGreen   
   >   
      
   A VPN tunnel can be configured to send all or only some of the traffic   
   over the tunnelled connection.  It all depends on how the administrator   
   has set things up.  It is also possible to configure policies that are   
   different for traffic exiting the corporate LAN depending on if they   
   came from a desktop physically on site or if the traffic is from a VPN   
   tunnel into the network.  Just because a service or website is blocked   
   on site it doesn't mean that they couldn't use a different policy for   
   VPN traffic.   
      
   --   
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)