Cisco VPN client, local LAN access and second NIC

Hi,

my question is about the "local lan access" using the Cisco VPN client.

When I establish the VPN, all the traffic is injected in the IPSec VPN.
Checking the VPN client status (Status / statistics) I see that:
- in "tunnel details", the local LAN is disabled (nothing changes if I
enable the "allow local LAN access" in the VPN client profile, as it is
overwritten by the VPN gateway administrator)
- in "route details", the whole traffic is secured (no local lan routes
and 0.0.0.0/0.0.0.0 in the secured routes)

However, I do need to access some resources locally and changing the
configuration of the VPN gateway (allow the local LAN and add local lan
routes) is unfortunately not an option :-((

Referring to the VPN client documentation, it states: "this feature
(local LAN access) works only on one NIC card, the same NIC card as the
tunnel". So I added a second NIC and configured the routing to the local
resources via this second NIC but no way: when the VPN is established
via the primary card still the access to local resources is prevented. I
see that the routing table is correct and - when I initiate the traffic
- only the arp entry appears showing that the local resource is being
contacted via the second card but no IP traffic is initiated on that
path ... :-(

Do you know a possible solution / workaround to access the local
resources in this scenario, by using a second NIC card or with whatever
else solution?

Thank you in advance!
Best regards.
Diego.

 

Go to your IT department and plead your case as to why you need this
ability. If they determine that the need out-weighs the security risk then
they can make the appropriate adjustments on the VPN server or simply place
you in another VPN group.

 

Accessing the LAN and VPN at the same time is known as split-tunneling.

I believe, by default Cisco products turn this on by default.

Either way, as Brian V explained, give your IT department a buzz
and see if they will allow this functionality.

moncho