Re: Cisco VPN client, local LAN access and second NIC



Diego Balgera wrote:
Hi,

my question is about the "local lan access" using the Cisco VPN client.

When I establish the VPN, all the traffic is injected in the IPSec VPN.
Checking the VPN client status (Status / statistics) I see that:
- in "tunnel details", the local LAN is disabled (nothing changes if I
enable the "allow local LAN access" in the VPN client profile, as it is
overwritten by the VPN gateway administrator)
- in "route details", the whole traffic is secured (no local lan routes
and 0.0.0.0/0.0.0.0 in the secured routes)

However, I do need to access some resources locally and changing the
configuration of the VPN gateway (allow the local LAN and add local lan
routes) is unfortunately not an option :-((

Referring to the VPN client documentation, it states: "this feature
(local LAN access) works only on one NIC card, the same NIC card as the
tunnel". So I added a second NIC and configured the routing to the local
resources via this second NIC but no way: when the VPN is established
via the primary card still the access to local resources is prevented. I
see that the routing table is correct and - when I initiate the traffic
- only the ARP entry appears, showing that the local resource is being
contacted via the second card but no IP traffic is initiated on that
path ... :-(

Do you know a possible solution / workaround to access the local
resources in this scenario, by using a second NIC card or with any
other solution?


Accessing the LAN and VPN at the same time is known as split-tunneling.

I believe Cisco products turn this on by default.

Either way, as Brian V explained, give your IT department a buzz
and see if they will allow this functionality.

moncho