jaffe001 Posted August 2, 2009 Report Share Posted August 2, 2009 I am running Retrospect 6.1.230 on a Macbook pro with OS 10.5.7, and have a windows client 7.6 on a Windows machine with Windows XP. When I connect through VPN with a Cisco VPN client on the Windows machine, the Retrospect program does not recognize the Windows client. As soon as I disconnect the VPN, Retrospect immediately recognizes the Windows client. Is there any way to keep the VPN connection on, and run Retrospect at the same time? Quote Link to comment Share on other sites More sharing options...
Lennart_T Posted August 3, 2009 Report Share Posted August 3, 2009 That is the way VPN works: It directs ALL network traffic through VPN. It doesn't reach the LAN at all. This isn't a Retrospect problem. Some (a few) VPN clients has the ability to be set up to direct the "correct" traffic through VPN and the rest goes to the LAN. Check with CISCO. Quote Link to comment Share on other sites More sharing options...
rhwalker Posted August 3, 2009 Report Share Posted August 3, 2009 I am running Retrospect 6.1.230 on a Macbook pro with OS 10.5.7, and have a windows client 7.6 on a Windows machine with Windows XP. When I connect through VPN with a Cisco VPN client on the Windows machine, the Retrospect program does not recognize the Windows client. As soon as I disconnect the VPN, Retrospect immediately recognizes the Windows client. Is there any way to keep the VPN connection on, and run Retrospect at the same time? It's not a Retrospect issue; it's a VPN issue. Consult the configuration notes for your VPN client. While you haven't provided enough details of your setup, I would bet that your VPN client is configured with a same subnet for your LAN as for the remote VPN endpoint, which causes all of your LAN traffic for the Windows machine to be routed through the tunnel. One option, if this is your current configuration, might be to set up your local LAN to have a different subnet address than your VPN endpoint. Some VPN clients, for security reasons, are intentionally configured to only allow traffic through the VPN tunnel when the tunnel is up, so as to prevent malicious access from other sources (the WAN, via the LAN, to the VPN client machine, then through the tunnel) to the remote endpoint. Another alternative might be to get a VPN appliance (SonicWALL, Linksys, etc.) to establish the VPN tunnel, with your LAN behind that appliance, so that LAN traffic (including Retrospect traffic) could flow freely without using the VPN client on the Windows machine. Consult your network administrator who set up the VPN configuration for details for your specific setup. Russ Quote Link to comment Share on other sites More sharing options...
jaffe001 Posted August 3, 2009 Author Report Share Posted August 3, 2009 Russ, Thanks for the information-I will talk to the network administrator to see how the VPN is configured. Glenn Quote Link to comment Share on other sites More sharing options...
rhwalker Posted August 4, 2009 Report Share Posted August 4, 2009 Here's the insight to consider: The decision that a VPN client has to make on the front end of the tunnel is exactly the same as the decision that a router has to make (because the VPN client is acting as a router). When it sees a packet coming through the network stack, it has to make a decision whether to pass the packet through the tunnel or not. If your local LAN has the same subnet as the remote end of the tunnel, the VPN client has no choice but to route the packet through the tunnel to what, it believes, is the rest of that subnet. Routing decisions are very simple (for speed) and are based only on the network (subnet), not on the IP address within the subnet. While I don't run the Cisco VPN client, I do run the Equinux "VPN Tracker" client at my home to connect to our firm's SonicWALL firewall (and, through that, to our LAN). The way I solved this was to give my home LAN a different subnet from our office LAN (ditto for the other members of our firm who use VPN Tracker from their homes - they got different home LAN subnets from our office and also different from my home). That way, we were (and are) able to mount volumes at our homes from other users' homes, and also to access their local resources (printers, etc.) and also to access resources on our office LAN. In fact, I am able to do Retrospect actions through the tunnel (backup / restore) for Retrospect running on our Office's Xserve, but not as a routine occurrence because it is painfully slow through the VPN tunnel with Retrospect. Certainly not GigE speeds as on a LAN. Russ Quote Link to comment Share on other sites More sharing options...
jaffe001 Posted August 5, 2009 Author Report Share Posted August 5, 2009 Thanks-very helpful Glenn Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.