Local Lan Access not working

Discussion in 'Cisco' started by bevan.lindsey, Jul 27, 2005.

  1. Our Head Office is using a Cisco Pix 515e Firewall behind a Cisco 827
    DSL router, another remote office site is using a Cisco Pix 506
    firewall behind a Cisco 827 DSL router. These are happily talking to
    each other in a site-to-site VPN. We also have broadband and dial-up
    users connecting via VPN into the Head Office through the 515e Pix
    using the Cisco VPN client ver 4.0.2b. Everything works great with the
    exception of this:
    One of our Directors connects into the company LAN from his home LAN
    using his company laptop and the VPN client. There is a printer hanging
    off his home XP-Pro Desktop that he wants to print to. Prior to running
    up his VPN connection, he can print across his LAN through the desktop
    fine; once the VPN tunnel is active he cannot. I turned on the "allow
    Local LAN access" feature in the VPN client, but it makes no
    difference. I also went into the web GUI on the 515e Pix, went into the
    split tunneling screen and added the network addressing for his LAN
    (192.168.1.0); this made no difference.
    FYI - The network address range for his home LAN is completely
    different to the address range used on the inside of the company LAN,
    so no conflict there. Also during all of this the VPN client has the
    stateful inspection firewall enabled (this is bundled with the Cisco
    client). Turning this off also made no difference.
    What do I need to change in order to get the printing/Local LAN access
    to work? Are there some other things I need to change on the PIX firewall?
     
    bevan.lindsey, Jul 27, 2005
    #1

  2. Merv (Guest)

    1. See if he can ping the IP address assigned to his desktop
    (192.168.1.x) while the VPN connection is up

    2. If so, see if the printer can be accessed using a share name with the
    IP address in it, i.e. \\192.168.1.x\printer_name
     
    Merv, Jul 27, 2005
    #2

  3. No, once the VPN tunnel is established he cannot ping any local LAN
    address (192.168.1.X). Prior to the VPN tunnel he can.
    Surely this is a PIX issue?
     
    bevan.lindsey, Jul 28, 2005
    #3
  4. :We also have broadband and dial up
    :users connecting via VPN into the Head Office through the 515e Pix
    :using the Cisco VPN client ver 4.0.2b. Everything works great with the
    :exception of this:

    :home XP-Pro Desktop that he want to print to. Prior to running
    :up his VPN connection, he can print across his LAN through the desktop
    :fine, once the vpn tunnel is active he cannot. I turned on the "allow
    :Local LAN access" feature in the VPN client, but it makes no
    :difference. I also went into the web gui on the 515e Pix, went into the
    :split tunneling screen and added the network addressing for his LAN
    :(192.168.1.0), this made no difference.

    Please check the vpngroup 'split-tunnel' ACL. It should be written
    as if the source is the PIX inside addresses, and the destinations
    are the IP pool addresses that are assigned to the vpngroup. The
    ACL indicates the connections that will go over the tunnel; anything
    denied (implicitly or explicitly) will be permitted directly for the
    client.
     
    Walter Roberson, Jul 29, 2005
    #4
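
A small model of the split-tunnel rule described in the reply above, added here as an example and not part of the thread or of any Cisco tooling: it parses PIX-style `access-list` lines and reports whether the VPN client would send a destination over the tunnel or directly. The ACL name, the inside network (10.10.0.0/16) and the VPN pool (10.99.0.0/24) are constructed, the /24 mask on 192.168.1.0 is assumed, and the second ACL is an assumption about what adding the home LAN to the split-tunnel list amounts to.

```python
import ipaddress

# Constructed ACL written as the reply describes: source = network behind
# the PIX, destination = the IP pool handed to VPN clients.
ACL_AS_DESCRIBED = """
access-list split_acl permit ip 10.10.0.0 255.255.0.0 10.99.0.0 255.255.255.0
"""

# Same ACL plus an entry naming the home LAN (assumed /24) as tunnelled.
ACL_WITH_HOME_LAN = ACL_AS_DESCRIBED + """
access-list split_acl permit ip 192.168.1.0 255.255.255.0 10.99.0.0 255.255.255.0
"""


def parse_acl(text):
    """Return (action, source_net, dest_net) for each
    'access-list NAME permit|deny ip SRC SMASK DST DMASK' line."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] != "access-list" or f[3] != "ip":
            continue  # skip blank lines and forms this model does not handle
        src = ipaddress.ip_network(f"{f[4]}/{f[5]}")
        dst = ipaddress.ip_network(f"{f[6]}/{f[7]}")
        entries.append((f[2], src, dst))
    return entries


def client_path(acl_text, client_pool_ip, remote_ip):
    """'tunnel' if the first matching entry permits the flow; otherwise
    'direct' (explicit deny, or the implicit deny at the end of the ACL)."""
    client = ipaddress.ip_address(client_pool_ip)
    remote = ipaddress.ip_address(remote_ip)
    for action, src, dst in parse_acl(acl_text):
        # The ACL is written from the PIX's side, so the client's remote
        # peer is matched against the ACL *source* network.
        if remote in src and client in dst:
            return "tunnel" if action == "permit" else "direct"
    return "direct"


if __name__ == "__main__":
    for name, acl in (("as described", ACL_AS_DESCRIBED),
                      ("with home LAN", ACL_WITH_HOME_LAN)):
        for dest in ("10.10.3.20", "192.168.1.10"):
            print(f"{name:14} {dest:13} -> {client_path(acl, '10.99.0.5', dest)}")
```

In this model, an entry that lists the home LAN sends the printer's address into the tunnel instead of leaving it on the local network.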