Connect through Cisco VPN without losing local LAN connections (Linux RedHat 9 + Cisco Systems VPN Client Version 4.6.02)

I have installed the Cisco Systems VPN Client Version 4.6.02 (0030) on my RedHat Linux 9 box, and it works very well. Except that, while the VPN is connected, the RedHat box disappears off my LAN.

As my normal way of working is to ssh into the Linux box from the machine on my desk, this is very inconvenient!

The LAN is connected to the Internet through a ZyXel ADSL NAT router, if that makes any difference.

Out of interest, I also installed the Cisco VPN client on my Windows XP machine, and that had exactly the same effect.

I assume the VPN is directing all network traffic out through the VPN, rather than routing local traffic locally, and only VPN traffic remotely. But I'm not sure where to start to correct this (or even if the Cisco client allows it to be corrected).

Thanks in advance,

Nikki Locke
nikkilocke Asked:
 
lrmoore Commented:
The Cisco VPN client has an embedded firewall that is active whenever the client is active. There is another option that lets you enable the firewall always. "Stateful Firewall always on" is either checked or unchecked by the user to change the behavior while the VPN is not connected. Once connected, you have no control over this behavior.
There is another option to "allow local LAN access" that is controlled by the server end. Even though there is a check box for this on the client, it doesn't do anything. However, local LAN access means that the client can print, map drives to servers, get email, etc., but cannot share out files or printers or anything like that while connected.

This is a security "feature" of the Cisco VPN solution, and one reason that it is so successful.
Just think of the ramifications if your VPN users' PCs can be used as a tunnel into your corporate network.
0
 
nikkilocke (Author) Commented:
I am the poor VPN user!

I don't want to tunnel into the network, I want to access _MY_ local LAN, at the _CLIENT_ end.

Otherwise I will have to attach a keyboard and screen to my Linux box, find a desk to put them on, and move over to work on that desk whenever I want to be connected to the VPN.
0
 
lrmoore Commented:
>I am the poor VPN user!
I understand, but you have to remember what the product was designed for - security of the corporate ass(ets).
Just as you have viable reasons for wanting to access the PC while it is connected, if it was possible, then it would also be just as easy for other poor VPN users to exploit it, perhaps not even knowingly.
0
 
nikkilocke (Author) Commented:
What if I add another network card to the Linux box - will that other card still work to connect to the LAN?
Or is that prevented somehow as well?
0
 
lrmoore Commented:
I doubt that will work, either. The VPN client uses a Deterministic Network Enhancer layer that works between the application layer and the hardware.
0
 
nikkilocke (Author) Commented:
I thought the Deterministic Network Enhancer layer was for Windows only. Am I wrong?

I am connecting my Linux box to the VPN.

P.S. Thanks for the replies - you will obviously get the points when I close the question, even though it is not the answer I want to hear :-)
Unless someone comes along who does have the answer I want to hear, of course. Then you'll just get a share!
0
Question has a verified solution.