Using VMware when Cisco VPN client is connected

Discussion in 'Cisco' started by 4integration, Sep 30, 2008.

  1. 4integration

    4integration Guest

    Hello,

    When I am working from home I have to use Cisco VPN Client (ver
    4.8.02.0010) to access the company network. This works fine with the
    host operative system WinXP SP2.

    However, in my work I use VMware quite a lot and have IBM software
    installed on the Guest OS (WinXP SP2). The host OS has IBM
    development environment installed that has to communicate with Guest
    system via TCP/IP but I can't get this working.

    I know that the purpose of VPN is to secure a tunnel from my machine
    to company network (and block other network traffic) but the VMware is
    part of my machine and should be trusted.

    I have tested with different configurations, without any success.

    Do you have any hint/workaround to get this working?
    Is it worth testing more configurations or am I out of luck?

    Best Regards
    Joacim
     
    4integration, Sep 30, 2008
    #1

  2. 4integration

    Trendkill Guest

    Are you running NAT to the VM instance, i.e. it's represented
    externally by your physical NIC address, or are you running in bridge
    mode?
     
    Trendkill, Sep 30, 2008
    #2

  3. 4integration

    4integration Guest

    The default (and current) setup is NAT but I have tested with Bridge and
    Host-Only.
     
    4integration, Sep 30, 2008
    #3
  4. 4integration

    Trendkill Guest

    I'll bet it's NAT'ing to your physical address, rather than the
    logical VPN address assigned by the concentrator. If this is the
    issue, I'm not really sure how you would get this to work. Can you
    still get to local hosts (i.e. your home router, etc.) with the VM
    instance?
     
    Trendkill, Sep 30, 2008
    #4
  5. 4integration

    Andrew Lutov Guest

    Hello, 4integration!
    You wrote on Tue, 30 Sep 2008 11:55:47 -0700 (PDT):

    i> When I am working from home I have to use Cisco VPN Client (ver
    i> 4.8.02.0010) to access the company network. This works fine with the
    i> host operative system WinXP SP2.

    i> However, in my work I use VMware quite a lot and have IBM software
    i> installed on the Guest OS (WinXP SP2). The host OS has IBM
    i> development environment installed that has to communicate with Guest
    i> system via TCP/IP but I can't get this working.

    i> I know that the purpose of VPN is to secure a tunnel from my machine
    i> to company network (and block other network traffic) but the VMware is
    i> part of my machine and should be trusted.

    i> I have tested with different configurations, without any success.

    i> Do you have any hint/workaround to get this working?
    i> Is it worth testing more configurations or am I out of luck?

    "split-tunnel" on server side ciscoEasyVPN?
     
    Andrew Lutov, Oct 1, 2008
    #5
  6. 4integration

    Andrew Lutov Guest

    Hello, Andrew!

    AL> "split-tunnel" on server side ciscoEasyVPN?

    or on client-side:
    "Transport" - "Allow Local LAN Access"

    (not sure).
     
    Andrew Lutov, Oct 1, 2008
    #6
  7. 4integration

    Andrew Lutov Guest

    Hello, Andrew!

    AL>> "split-tunnel" on server side ciscoEasyVPN?

    AL> or on client-side:
    AL> "Transport" - "Allow Local LAN Access"

    Allowing Local LAN Access
    In a multiple-NIC configuration, Local LAN access pertains only to network
    traffic on the interface on which the tunnel was established. The Allow
    Local LAN Access parameter gives you access to the resources on your local
    LAN (printer, fax, shared files, other systems) when you are connected
    through a secure gateway to a central-site VPN device. When this parameter
    is enabled and your central site is configured to permit it, you can access
    local resources while connected. When this parameter is disabled, all
    traffic from your Client system goes through the IPSec connection to the
    secure gateway.

    To enable this feature, check Allow Local LAN Access; to disable it, uncheck
    the check box. If the local LAN you are using is not secure, you should
    disable this feature. For example, you would disable this feature when you
    are using a local LAN in a hotel or airport.

    A network administrator at the central site configures a list of networks at
    the Client side that you can access. You can access up to 10 networks when
    this feature is enabled. When Allow Local LAN Access is enabled and you are
    connected to a central site, all traffic from your system goes through the
    IPSec tunnel except traffic to the networks excluded from doing so (in the
    network list).

    When this feature is enabled and configured on the VPN Client and permitted
    on the central-site VPN device, you can see a list of the local LANs
    available by looking at the Routes table.

    To display the Routes table, use the following procedure:

    1. Display the Status menu and choose Statistics.

    2. Choose Route Details from the Statistics dialog box.

    The routes table shows local LAN routes, which do not traverse an IPSec
    tunnel, and secured routes, which do traverse an IPSec tunnel to a
    central-site device. The routes in the local LAN routes column are for
    locally available resources.

    Note: This feature works only on one NIC card, the same NIC card as the
    tunnel.

    Note: While connected, you cannot print or browse the local LAN by name;
    when disconnected, you can print and browse by name. For more information on
    this limitation refer to VPN Client Administrator Guide, Chapter 1.

    ---
     
    Andrew Lutov, Oct 1, 2008
    #7
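
The rules in the documentation quoted in post #7, modelled as an added example (not code from the thread or from Cisco): traffic stays local only when Allow Local LAN Access is on, the destination is in the central-site network list, and it leaves through the NIC the tunnel was established on. The adapter names, subnets and network list are constructed, and the "egress NIC = connected subnet" test is a simplifying assumption.

```python
import ipaddress

MAX_LOCAL_NETWORKS = 10  # limit stated in the quoted VPN Client text

# Constructed sample host: one physical NIC plus VMware's virtual adapters.
NICS = {
    "Local Area Connection": ipaddress.ip_network("192.168.1.0/24"),
    "VMnet1 (host-only)": ipaddress.ip_network("192.168.40.0/24"),
    "VMnet8 (NAT)": ipaddress.ip_network("192.168.80.0/24"),
}
TUNNEL_NIC = "Local Area Connection"  # interface the tunnel was established on


def egress_nic(dest, nics=NICS):
    """Name of the NIC whose connected subnet contains dest, or None if off-link."""
    addr = ipaddress.ip_address(dest)
    for name, net in nics.items():
        if addr in net:
            return name
    return None


def classify(dest, allow_local_lan, permitted, tunnel_nic=TUNNEL_NIC, nics=NICS):
    """Return 'local' or 'tunnel' for traffic to dest under the quoted rules."""
    nets = [ipaddress.ip_network(p) for p in permitted]
    if len(nets) > MAX_LOCAL_NETWORKS:
        raise ValueError("the quoted text allows at most 10 local networks")
    if not allow_local_lan:
        return "tunnel"  # parameter disabled: all traffic goes through IPSec
    addr = ipaddress.ip_address(dest)
    in_list = any(addr in n for n in nets)
    # The exemption pertains only to the interface the tunnel was built on.
    same_nic = egress_nic(dest, nics) == tunnel_nic
    return "local" if in_list and same_nic else "tunnel"


def demo():
    # Network list as a central-site administrator might push it (constructed);
    # it even includes the VMnet8 subnet to show the one-NIC note still applies.
    permitted = ["192.168.1.0/24", "192.168.80.0/24"]
    return {
        "home printer": classify("192.168.1.20", True, permitted),
        "VMware guest": classify("192.168.80.128", True, permitted),
        "corporate host": classify("10.1.2.3", True, permitted),
        "printer, box unchecked": classify("192.168.1.20", False, permitted),
    }


if __name__ == "__main__":
    for target, path in demo().items():
        print(f"{target:24} -> {path}")
```
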