Hi,
my question is about the "local lan access" using the Cisco VPN client.
When I establish the VPN, all the traffic is injected in the IPSec VPN.
Checking the VPN client status (Status / statistics) I see that:
- in "tunnel details", the local LAN is disabled (nothing changes if I
enable the "allow local LAN access" in the VPN client profile, as it is
overwritten by the VPN gateway administrator)
- in "route details", the whole traffic is secured (no local lan routes
and 0.0.0.0/0.0.0.0 in the secured routes)
However, I do need to access some resources locally and changing the
configuration of the VPN gateway (allow the local LAN and add local lan
routes) is unfortunately not an option :-((
Referring to the VPN client documentation, it states: "this feature
(local LAN access) works only on one NIC card, the same NIC card as the
tunnel". So I added a second NIC and configured the routing to the local
resources via this second NIC but no way: when the VPN is established
via the primary card still the access to local resources is prevented. I
see that the routing table is correct and - when I initiate the traffic
- only the arp entry appears showing that the local resource is being
contacted via the second card but no IP traffic is initiated on that
path ... :-(
Do you know a possible solution / workaround to access the local
resources in this scenario, by using a second NIC card or with whatever
else solution?
Thank you in advance!
Best regards.
Diego.
Diego, 3/4/2008 9:53:54 AM

"Diego Balgera" <diego.balgera.123.antispam@libero.it> wrote in message
news:47cd1c32$0$16021$5fc30a8@news.tiscali.it...
> Hi,
>
> my question is about the "local lan access" using the Cisco VPN client.
>
> When I establish the VPN, all the traffic is injected in the IPSec VPN.
> Checking the VPN client status (Status / statistics) I see that:
> - in "tunnel details", the local LAN is disabled (nothing changes if I
> enable the "allow local LAN access" in the VPN client profile, as it is
> overwritten by the VPN gateway administrator)
> - in "route details", the whole traffic is secured (no local lan routes
> and 0.0.0.0/0.0.0.0 in the secured routes)
>
> However, I do need to access some resources locally and changing the
> configuration of the VPN gateway (allow the local LAN and add local lan
> routes) is unfortunately not an option :-((
>
> Referring to the VPN client documentation, it states: "this feature
> (local LAN access) works only on one NIC card, the same NIC card as the
> tunnel". So I added a second NIC and configured the routing to the local
> resources via this second NIC but no way: when the VPN is established
> via the primary card still the access to local resources is prevented. I
> see that the routing table is correct and - when I initiate the traffic
> - only the arp entry appears showing that the local resource is being
> contacted via the second card but no IP traffic is initiated on that
> path ... :-(
>
> Do you know a possible solution / workaround to access the local
> resources in this scenario, by using a second NIC card or with whatever
> else solution?
>
> Thank you in advance!
> Best regards.
> Diego.
Go to your IT department and plead your case as to why you need this
ability. If they determine that the need outweighs the security risk, then
they can make the appropriate adjustments on the VPN server or simply place
you in another VPN group.
Brian, 3/4/2008 12:45:19 PM

Diego Balgera wrote:
> Hi,
>
> my question is about the "local lan access" using the Cisco VPN client.
>
> When I establish the VPN, all the traffic is injected in the IPSec VPN.
> Checking the VPN client status (Status / statistics) I see that:
> - in "tunnel details", the local LAN is disabled (nothing changes if I
> enable the "allow local LAN access" in the VPN client profile, as it is
> overwritten by the VPN gateway administrator)
> - in "route details", the whole traffic is secured (no local lan routes
> and 0.0.0.0/0.0.0.0 in the secured routes)
>
> However, I do need to access some resources locally and changing the
> configuration of the VPN gateway (allow the local LAN and add local lan
> routes) is unfortunately not an option :-((
>
> Referring to the VPN client documentation, it states: "this feature
> (local LAN access) works only on one NIC card, the same NIC card as the
> tunnel". So I added a second NIC and configured the routing to the local
> resources via this second NIC but no way: when the VPN is established
> via the primary card still the access to local resources is prevented. I
> see that the routing table is correct and - when I initiate the traffic
> - only the arp entry appears showing that the local resource is being
> contacted via the second card but no IP traffic is initiated on that
> path ... :-(
>
> Do you know a possible solution / workaround to access the local
> resources in this scenario, by using a second NIC card or with whatever
> else solution?
>
Accessing the LAN and VPN at the same time is known as split-tunneling.
I believe Cisco products turn this on by default.
Either way, as Brian V explained, give your IT department a buzz
and see if they will allow this functionality.
moncho
moncho, 3/14/2008 3:49:53 PM
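
An added illustration, not part of any post in this thread and not Cisco's code: a simplified model of the gateway-pushed policy the question describes, where the "secured routes" and "local LAN routes" lists decide whether a destination is tunneled. The function names, profile names and sample addresses are constructed, and the most-specific-match rule and the absence of any per-interface input are assumptions chosen to match what the question reports.

```python
import ipaddress

def classify(dest, secured_routes, local_lan_routes):
    """Most-specific match over both lists: 'tunnel', 'local' or 'clear'."""
    addr = ipaddress.ip_address(dest)
    best_len, verdict = -1, "clear"  # no match: sent outside the tunnel
    for label, routes in (("tunnel", secured_routes),
                          ("local", local_lan_routes)):
        for route in routes:
            net = ipaddress.ip_network(route)
            if addr in net and net.prefixlen > best_len:
                best_len, verdict = net.prefixlen, label
    return verdict

# Constructed policies: (secured routes, local LAN routes).
# "0.0.0.0/0" is the 0.0.0.0/0.0.0.0 entry from the question's route details.
PROFILES = {
    "tunnel-all (as in the question)": (["0.0.0.0/0"], []),
    "tunnel-all + local LAN allowed": (["0.0.0.0/0"], ["192.168.1.0/24"]),
    "split tunnel (corporate nets only)": (["10.0.0.0/8"], []),
}

# Constructed destinations, for illustration only.
DESTS = {
    "local printer": "192.168.1.20",
    "corporate server": "10.20.30.40",
    "internet host": "198.51.100.7",
}

def evaluate(profiles=PROFILES, dests=DESTS):
    """Return {profile: {destination name: verdict}} for every combination."""
    return {
        name: {d: classify(ip, secured, local) for d, ip in dests.items()}
        for name, (secured, local) in profiles.items()
    }

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(name)
        for dest, verdict in verdicts.items():
            print(f"  {dest:17} -> {verdict}")
```

Under the first profile the local printer is classified as tunneled even though it sits on a directly connected subnet; only a local LAN route supplied by the gateway (second profile) changes that verdict.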