General Cisco Forum - Cisco Systems - Hardware Software and Security News and Discussions
Posted by Diego Balgera on March 4, 2008, 4:53 am
Hi,
my question is about the "local lan access" using the Cisco VPN client.
When I establish the VPN, all the traffic is injected in the IPSec VPN.
Checking the VPN client status (Status / statistics) I see that:
- in "tunnel details", the local LAN is disabled (nothing changes if I
enable the "allow local LAN access" in the VPN client profile, as it is
overwritten by the VPN gateway administrator)
- in "route details", the whole traffic is secured (no local lan routes
and 0.0.0.0/0.0.0.0 in the secured routes)
However, I do need to access some resources locally and changing the
configuration of the VPN gateway (allow the local LAN and add local lan
routes) is unfortunately not an option :-((
Referring to the VPN client documentation, it states: "this feature
(local LAN access) works only on one NIC card, the same NIC card as the
tunnel". So I added a second NIC and configured the routing to the local
resources via this second NIC but no way: when the VPN is established
via the primary card still the access to local resources is prevented. I
see that the routing table is correct and - when I initiate the traffic
- only the arp entry appears showing that the local resource is being
contacted via the second card but no IP traffic is initiated on that
path ... :-(
Do you know a possible solution / workaround to access the local
resources in this scenario, by using a second NIC card or with any
other solution?
Thank you in advance!
Best regards.
Diego.
|
|
Posted by Brian V on March 4, 2008, 7:45 am
> Hi,
> my question is about the "local lan access" using the Cisco VPN client.
> When I establish the VPN, all the traffic is injected in the IPSec VPN.
> Checking the VPN client status (Status / statistics) I see that:
> - in "tunnel details", the local LAN is disabled (nothing changes if I
> enable the "allow local LAN access" in the VPN client profile, as it is
> overwritten by the VPN gateway administrator)
> - in "route details", the whole traffic is secured (no local lan routes
> and 0.0.0.0/0.0.0.0 in the secured routes)
> However, I do need to access some resources locally and changing the
> configuration of the VPN gateway (allow the local LAN and add local lan
> routes) is unfortunately not an option :-((
> Referring to the VPN client documentation, it states: "this feature
> (local LAN access) works only on one NIC card, the same NIC card as the
> tunnel". So I added a second NIC and configured the routing to the local
> resources via this second NIC but no way: when the VPN is established
> via the primary card still the access to local resources is prevented. I
> see that the routing table is correct and - when I initiate the traffic
> - only the arp entry appears showing that the local resource is being
> contacted via the second card but no IP traffic is initiated on that
> path ... :-(
> Do you know a possible solution / workaround to access the local
> resources in this scenario, by using a second NIC card or with whatever
> else solution?
> Thank you in advance!
> Best regards.
> Diego.
Go to your IT department and plead your case as to why you need this
ability. If they determine that the need outweighs the security risk then
they can make the appropriate adjustments on the VPN server or simply place
you in another VPN group.
|
|
Posted by moncho on March 14, 2008, 11:49 am
Diego Balgera wrote:
> Hi,
>
> my question is about the "local lan access" using the Cisco VPN client.
>
> When I establish the VPN, all the traffic is injected in the IPSec VPN.
> Checking the VPN client status (Status / statistics) I see that:
> - in "tunnel details", the local LAN is disabled (nothing changes if I
> enable the "allow local LAN access" in the VPN client profile, as it is
> overwritten by the VPN gateway administrator)
> - in "route details", the whole traffic is secured (no local lan routes
> and 0.0.0.0/0.0.0.0 in the secured routes)
>
> However, I do need to access some resources locally and changing the
> configuration of the VPN gateway (allow the local LAN and add local lan
> routes) is unfortunately not an option :-((
>
> Referring to the VPN client documentation, it states: "this feature
> (local LAN access) works only on one NIC card, the same NIC card as the
> tunnel". So I added a second NIC and configured the routing to the local
> resources via this second NIC but no way: when the VPN is established
> via the primary card still the access to local resources is prevented. I
> see that the routing table is correct and - when I initiate the traffic
> - only the arp entry appears showing that the local resource is being
> contacted via the second card but no IP traffic is initiated on that
> path ... :-(
>
> Do you know a possible solution / workaround to access the local
> resources in this scenario, by using a second NIC card or with whatever
> else solution?
>
Accessing the LAN and VPN at the same time is known as split-tunneling.
I believe Cisco products turn this on by default.
Either way, as Brian V explained, give your IT department a buzz
and see if they will allow this functionality.
moncho
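
Added example, not part of any post in this thread: a simplified Python model of the "route details" described in the question, showing how a 0.0.0.0/0.0.0.0 secured route with no local LAN routes differs from a policy with a gateway-pushed local LAN route and from a split tunnel. The addresses and function names are constructed, and the rule that a local LAN route takes precedence over the secured routes is an assumption of the model; in this model the decision depends only on the destination address.

```python
import ipaddress

def parse_routes(entries):
    """Parse 'network/netmask' strings in the form the thread quotes."""
    return [ipaddress.ip_network(e) for e in entries]

def policy_mode(secured, local_lan):
    """Name the tunnelling mode implied by the two route lists."""
    default = ipaddress.ip_network("0.0.0.0/0")
    if default not in secured:
        return "split-tunnel"
    return "full-tunnel+local-lan" if local_lan else "full-tunnel"

def classify(dest, secured, local_lan):
    """Return 'local', 'tunnel' or 'clear' for one destination address.

    Model assumption: a local LAN route is an exception to the secured
    routes, and traffic matching neither list leaves unencrypted.
    """
    addr = ipaddress.ip_address(dest)
    if any(addr in net for net in local_lan):
        return "local"
    if any(addr in net for net in secured):
        return "tunnel"
    return "clear"

# Constructed sample: 192.168.50.0/24 stands for the subnet behind the second NIC.
FULL = parse_routes(["0.0.0.0/0.0.0.0"])             # secured routes as reported in the question
LAN = parse_routes(["192.168.50.0/255.255.255.0"])   # a local LAN route pushed by the gateway
SPLIT = parse_routes(["10.0.0.0/255.0.0.0"])         # constructed split-tunnel secured route

if __name__ == "__main__":
    for name, sec, lan in [("as posted", FULL, []),
                           ("local LAN allowed", FULL, LAN),
                           ("split tunnel", SPLIT, [])]:
        print(name, policy_mode(sec, lan),
              classify("192.168.50.10", sec, lan),
              classify("10.1.2.3", sec, lan))
```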