Posted by Diego Balgera on March 4, 2008, 4:53 am
Hi,
my question is about the "local lan access" using the Cisco VPN client.
When I establish the VPN, all the traffic is injected in the IPSec VPN.
Checking the VPN client status (Status / statistics) I see that:
- in "tunnel details", the local LAN is disabled (nothing changes if I
enable the "allow local LAN access" in the VPN client profile, as it is
overwritten by the VPN gateway administrator)
- in "route details", the whole traffic is secured (no local lan routes
and 0.0.0.0/0.0.0.0 in the secured routes)
However, I do need to access some resources locally and changing the
configuration of the VPN gateway (allow the local LAN and add local lan
routes) is unfortunately not an option :-((
Referring to the VPN client documentation, it states: "this feature
(local LAN access) works only on one NIC card, the same NIC card as the
tunnel". So I added a second NIC and configured the routing to the local
resources via this second NIC but no way: when the VPN is established
via the primary card still the access to local resources is prevented. I
see that the routing table is correct and - when I initiate the traffic
- only the arp entry appears showing that the local resource is being
contacted via the second card but no IP traffic is initiated on that
path ... :-(
Do you know a possible solution / workaround to access the local
resources in this scenario, by using a second NIC card or with whatever
else solution?
Thank you in advance!
Best regards.
Diego.
Posted by Brian V on March 4, 2008, 7:45 am

> Hi,
> my question is about the "local lan access" using the Cisco VPN client.
> When I establish the VPN, all the traffic is injected in the IPSec VPN.
> Checking the VPN client status (Status / statistics) I see that:
> - in "tunnel details", the local LAN is disabled (nothing changes if I
> enable the "allow local LAN access" in the VPN client profile, as it is
> overwritten by the VPN gateway administrator)
> - in "route details", the whole traffic is secured (no local lan routes
> and 0.0.0.0/0.0.0.0 in the secured routes)
> However, I do need to access some resources locally and changing the
> configuration of the VPN gateway (allow the local LAN and add local lan
> routes) is unfortunately not an option :-((
> Referring to the VPN client documentation, it states: "this feature
> (local LAN access) works only on one NIC card, the same NIC card as the
> tunnel". So I added a second NIC and configured the routing to the local
> resources via this second NIC but no way: when the VPN is established
> via the primary card still the access to local resources is prevented. I
> see that the routing table is correct and - when I initiate the traffic
> - only the arp entry appears showing that the local resource is being
> contacted via the second card but no IP traffic is initiated on that
> path ... :-(
> Do you know a possible solution / workaround to access the local
> resources in this scenario, by using a second NIC card or with whatever
> else solution?
> Thank you in advance!
> Best regards.
> Diego.
Go to your IT department and plead your case as to why you need this
ability. If they determine that the need outweighs the security risk, then
they can make the appropriate adjustments on the VPN server or simply place
you in another VPN group.
Posted by moncho on March 14, 2008, 11:49 am
Diego Balgera wrote:

> Hi,
>
> my question is about the "local lan access" using the Cisco VPN client.
>
> When I establish the VPN, all the traffic is injected in the IPSec VPN.
> Checking the VPN client status (Status / statistics) I see that:
> - in "tunnel details", the local LAN is disabled (nothing changes if I
> enable the "allow local LAN access" in the VPN client profile, as it is
> overwritten by the VPN gateway administrator)
> - in "route details", the whole traffic is secured (no local lan routes
> and 0.0.0.0/0.0.0.0 in the secured routes)
>
> However, I do need to access some resources locally and changing the
> configuration of the VPN gateway (allow the local LAN and add local lan
> routes) is unfortunately not an option :-((
>
> Referring to the VPN client documentation, it states: "this feature
> (local LAN access) works only on one NIC card, the same NIC card as the
> tunnel". So I added a second NIC and configured the routing to the local
> resources via this second NIC but no way: when the VPN is established
> via the primary card still the access to local resources is prevented. I
> see that the routing table is correct and - when I initiate the traffic
> - only the arp entry appears showing that the local resource is being
> contacted via the second card but no IP traffic is initiated on that
> path ... :-(
>
> Do you know a possible solution / workaround to access the local
> resources in this scenario, by using a second NIC card or with whatever
> else solution?
>
Accessing the LAN and VPN at the same time is known as split-tunneling.
I believe Cisco products turn this on by default.
Either way, as Brian V explained, give your IT department a buzz
and see if they will allow this functionality.
moncho