Cisco VPN client, local LAN access and second NIC

Discussion in 'Cisco' started by Diego Balgera, Mar 4, 2008.

  1. Hi,

    my question is about the "local lan access" using the Cisco VPN client.

    When I establish the VPN, all the traffic is injected in the IPSec VPN.
    Checking the VPN client status (Status / statistics) I see that:
    - in "tunnel details", the local LAN is disabled (nothing changes if I
    enable the "allow local LAN access" in the VPN client profile, as it is
    overwritten by the VPN gateway administrator)
    - in "route details", the whole traffic is secured (no local lan routes
    and 0.0.0.0/0.0.0.0 in the secured routes)

    However, I do need to access some resources locally and changing the
    configuration of the VPN gateway (allow the local LAN and add local lan
    routes) is unfortunately not an option :-((

    Referring to the VPN client documentation, it states: "this feature
    (local LAN access) works only on one NIC card, the same NIC card as the
    tunnel". So I added a second NIC and configured the routing to the local
    resources via this second NIC but no way: when the VPN is established
    via the primary card still the access to local resources is prevented. I
    see that the routing table is correct and - when I initiate the traffic
    - only the arp entry appears showing that the local resource is being
    contacted via the second card but no IP traffic is initiated on that
    path ... :-(

    Do you know a possible solution / workaround to access the local
    resources in this scenario, by using a second NIC card or with whatever
    else solution?

    Thank you in advance!
    Best regards.
    Diego.
     
    Diego Balgera, Mar 4, 2008
    #1
    1. Advertisements

  2. Diego Balgera

    Brian V Guest

    Go to your IT department and plead your case as to why you need this
    ability. If they determine that the need out-weighs the security risk then
    they can make the appropriate adjustments on the VPN server or simply place
    you in another VPN group.
     
    Brian V, Mar 4, 2008
    #2
    1. Advertisements

  3. Diego Balgera

    moncho Guest

    Accessing the LAN and VPN at the same time is known as split-tunneling.

    I believe, by default Cisco products turn this on by default.

    Either way, as Brian V explained, give your IT department a buzz
    and see if they will allow this functionality.

    moncho
     
    moncho, Mar 14, 2008
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.