Posted by Diego Balgera on March 4, 2008, 4:53 am
Hi,
my question is about the "local lan access" using the Cisco VPN client.
When I establish the VPN, all the traffic is injected in the IPSec VPN.
Checking the VPN client status (Status / statistics) I see that:
- in "tunnel details", the local LAN is disabled (nothing changes if I
enable the "allow local LAN access" in the VPN client profile, as it is
overwritten by the VPN gateway administrator)
- in "route details", the whole traffic is secured (no local lan routes
and 0.0.0.0/0.0.0.0 in the secured routes)
However, I do need to access some resources locally and changing the
configuration of the VPN gateway (allow the local LAN and add local lan
routes) is unfortunately not an option :-((
Referring to the VPN client documentation, it states: "this feature
(local LAN access) works only on one NIC card, the same NIC card as the
tunnel". So I added a second NIC and configured the routing to the local
resources via this second NIC but no way: when the VPN is established
via the primary card still the access to local resources is prevented. I
see that the routing table is correct and - when I initiate the traffic
- only the arp entry appears showing that the local resource is being
contacted via the second card but no IP traffic is initiated on that
path ... :-(
Do you know a possible solution / workaround to access the local
resources in this scenario, by using a second NIC card or with any
other solution?
Thank you in advance!
Best regards.
Diego.
Posted by Brian V on March 4, 2008, 7:45 am
> Hi,
>
> my question is about the "local lan access" using the Cisco VPN client.
>
> When I establish the VPN, all the traffic is injected in the IPSec VPN.
> Checking the VPN client status (Status / statistics) I see that:
> - in "tunnel details", the local LAN is disabled (nothing changes if I
> enable the "allow local LAN access" in the VPN client profile, as it is
> overwritten by the VPN gateway administrator)
> - in "route details", the whole traffic is secured (no local lan routes
> and 0.0.0.0/0.0.0.0 in the secured routes)
>
> However, I do need to access some resources locally and changing the
> configuration of the VPN gateway (allow the local LAN and add local lan
> routes) is unfortunately not an option :-((
>
> Referring to the VPN client documentation, it states: "this feature
> (local LAN access) works only on one NIC card, the same NIC card as the
> tunnel". So I added a second NIC and configured the routing to the local
> resources via this second NIC but no way: when the VPN is established
> via the primary card still the access to local resources is prevented. I
> see that the routing table is correct and - when I initiate the traffic
> - only the arp entry appears showing that the local resource is being
> contacted via the second card but no IP traffic is initiated on that
> path ... :-(
>
> Do you know a possible solution / workaround to access the local
> resources in this scenario, by using a second NIC card or with any
> other solution?
>
> Thank you in advance!
> Best regards.
> Diego.
Go to your IT department and plead your case as to why you need this
ability. If they determine that the need outweighs the security risk, then
they can make the appropriate adjustments on the VPN server or simply place
you in another VPN group.