Remote desktop and VPN

Hey all VPN gurus,

Machines involved: Windows XP Pro.
No firewall involved.

I can connect to the VPN server in my office using the VPN client and remote desktop to my office computer fine.
But I cannot connect to my office computer using Remote Desktop if the VPN client is running on that office computer.
I see that after installing the VPN client there is another "LAN connection" on that computer. Is that affecting anything?

I am using the Cisco VPN client. If the VPN client is running on my office computer, what IP address should I be using to connect to it?

SR
sunray_2003 Asked:

grblades Commented:
Hi sunray_2003,
On the Cisco client on the office machine, make sure the 'permit local LAN access' box is ticked.
The Cisco VPN server must also be configured with a 'split-tunnel'; otherwise all traffic to the non-local network will be sent over the VPN connection, including the replies to your remote desktop connection attempt.
0
sunray_2003 Author Commented:
grblades,

On the Cisco client there is something called "allow local LAN access". I guess you meant the same. OK, I shall turn it ON and check.

Also on the Cisco client side there is something like "enable transparent tunnelling". Should I turn it ON or OFF? I can actually try both and see, but I am wondering what it should be.

I do not have access to the VPN server so I cannot make any changes, I guess.

0
grblades Commented:
Yes, it is 'allow local LAN access'. Enabling this should allow you to access computers on your local network.
If you find that you cannot access other machines on the Internet or other networks at your office apart from your own local one, then split-tunneling will need to be configured on the VPN server.
0
sunray_2003 Author Commented:
Busy with another issue here. Will test and close the question ASAP.

SR
0
sunray_2003 Author Commented:
That does not seem to work, grblades.

I have enabled that option but still could not connect to the machine. Maybe something needs to be done at the VPN server end?
0
grblades Commented:
When you VPN in you are given an IP address on a different network normally. Can you confirm this by typing 'ipconfig' in a command prompt window while the VPN is active and see what IP address you are given. It should be on a different network to your internal company network.
You will probably need to check the VPN server your work machine is connected to to make sure split-tunneling is enabled so that it does not try and encrypt the reply it sends back to your machine. This will be the default unless split-tunneling is configured.
0
sunray_2003 Author Commented:
Yes, I get 2 IP addresses.

And yes, it is on a different network.

See, I can remote desktop to the other machine from my machine if the VPN client is not running on that machine.
0
grblades Commented:
It sounds as if split-tunneling is your problem then.

Basically, what is happening when the office machine has the VPN open is that your packets get sent over your VPN and appear on the office network coming from your given IP address.
The office computer replies, but because the VPN is open and the address the reply is going to is not on the local network, it gets encrypted and sent to the site that computer is connected to.
The remote site does not know about this IP address and the firewall won't send it back, so it just gets lost.
You need a split-tunnel defined so that only traffic to and from your company network and the other remote site gets sent across the VPN. That way, when the office computer replies, it will see the traffic is not to the remote site and therefore will not encrypt it, and so you will get the reply and it will work fine.
0
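The reply path grblades describes above, as a simplified route lookup on the office PC (an added example, not part of the original thread). All addresses, interface names and metrics are constructed for illustration, and the model covers only route selection, not the VPN client's own filtering.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the thread):
OFFICE_LAN = "192.168.1.0/24"     # office PC's local subnet
REMOTE_SITE = "172.16.0.0/16"     # site the office PC's VPN client connects to
HOME_USER_VPN_IP = "10.10.10.5"   # address the home user gets from the office VPN

def build_routes(split_tunnel):
    """Route table of the office PC while its own VPN client is connected."""
    routes = [
        # (destination, interface, metric)
        (OFFICE_LAN, "lan", 10),    # kept by "allow local LAN access"
        ("0.0.0.0/0", "lan", 20),   # default route via the office gateway
    ]
    if split_tunnel:
        # Only the remote site's network is sent into the tunnel.
        routes.append((REMOTE_SITE, "vpn", 1))
    else:
        # Full tunnel: a lower-metric default route captures everything else.
        routes.append(("0.0.0.0/0", "vpn", 1))
    return [(ipaddress.ip_network(n), ifc, m) for n, ifc, m in routes]

def egress_interface(routes, dst):
    """Longest-prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    net, ifc, metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return ifc

def rdp_reply_delivered(split_tunnel):
    """The RDP reply reaches the home user only if it leaves via the LAN."""
    routes = build_routes(split_tunnel)
    return egress_interface(routes, HOME_USER_VPN_IP) == "lan"

if __name__ == "__main__":
    for mode in (False, True):
        label = "split tunnel" if mode else "full tunnel"
        ifc = egress_interface(build_routes(mode), HOME_USER_VPN_IP)
        print(f"{label}: reply to {HOME_USER_VPN_IP} leaves via {ifc}; "
              f"delivered={rdp_reply_delivered(mode)}")
```

On a real machine the same check is done by comparing the output of `route print` with the VPN client connected and disconnected.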
sunray_2003 Author Commented:
Thanks for the explanation. I was thinking something along those lines but your explanation is much clearer.

SR
0