In other words, given a VPN policy that enforces a single tunnel on a client (contrast with a "split tunnel" wherein only VPN-bound traffic goes to VPN while other traffic goes out through normal internet gateway), what's the best workaround to get back some internet connectivity on the client side?
The VPN connection client is locked down — I receive a Cisco binary for windows only, and there are no settings I can change on it to allow split tunneling. I have no access to the VPN server itself, but I can set up relatively harmless software on servers behind the VPN (i.e., on the intranet that the VPN allows me to access).
For example, the setting up of proxy server(s) IS possible on the "intranet side" of the VPN, so I assume that one alternative (call it "Alternative A") would be to go through proxy(s). But that means that each time VPN connection gets made, I need to change at least three applications (web, email, IM) to go through a proxy, and vice-versa to undo the proxying. Is there an easy way to turn on/off proxying in Firefox (web), Eudora (mail) and Trillian (IM)? Or could I do some kind of local proxy server for these, and just change an address in the "hosts" file to make the switch?
Alternatively, could some kind of routing on the client side help here? (The ipconfig output implies that the VPN client changes the nework gateway into the VPN local address, which forces all traffic into the VPN tunnel; I doubt that the gateway can be changed.)
Alternatively, is there something useful to ask the VPN admins? The policy is clear that split tunneling is out of the question, but they might help is there were some relatively easy and safe way to provide connectivity to me."