  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1750

Cisco, VPN Client, 3.6.6, Allow Local LAN Access

When I connect to a remote network using Cisco VPN Client I lose access to my local LAN.

I have made sure that the "Allow Local LAN Access" option is enabled, but when I connect and then view the status it says that this feature is disabled.

From what I can see it seems like the remote network server is overriding the local settings.

Is there anything I can do to make it allow the local LAN access? Whenever the VPN is connected we are unable to access the local network printers to print out the documents that we download.

Any help would be gratefully appreciated.

Tom
tadatom
Asked:
1 Solution
 
JFrederick29 Commented:
There is no way to override this locally.  Split Tunneling needs to be enabled on the VPN server to allow access to your local LAN.
 
Pete Long (Consultant) Commented:
JFrederick29 is correct, you need to disable split tunneling on the appliance.

Enabling and Disabling Split Tunnelling

If it's v7 or 8, remove the two lines that LOOK LIKE

access-list RemoteVPN_splitTunnelAcl standard permit 192.100.1.0 255.255.255.0
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RemoteVPN_splitTunnelAcl

If it's a v6 firewall, remove the lines that LOOK LIKE

access-list splitTunnelAcl permit ip 192.168.0.0 255.255.255.0 any
vpngroup groupname split-tunnel splitTunnelAcl
 
JFrederick29 Commented:
Actually you want to enable Split Tunneling...
Pete Long (Consultant) Commented:
Ah yes indeedy - Friday afternoon :)
 
lrmoore Commented:
As JFrederick29 said, there is absolutely nothing you can do on your client end to change this behavior, as it is controlled by the VPN server end (PIX or VPN3000?).
You can also check to be sure that the three IP subnets in use are not overlapping, i.e.:
local LAN = 192.168.1.x
VPN client subnet = 192.168.2.x
remote LAN = 192.168.1.x
There must not be any overlap. If this is the case, you can always renumber your network so that the local LAN is not the same as either the VPN client or the remote LAN. Then you might get local access.
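The overlap check lrmoore describes, together with a simplified model of which destinations are sent into the tunnel, as an added example that is not part of the original thread. The /24 masks, the printer addresses and the function names are assumptions, and the routing model is a simplification, not Cisco's implementation.

```python
import ipaddress
from itertools import combinations

# Subnets from the post above; "x" is assumed to mean a /24.
POSTED = {
    "local LAN": "192.168.1.0/24",
    "VPN client subnet": "192.168.2.0/24",
    "remote LAN": "192.168.1.0/24",
}

def find_overlaps(subnets):
    """Return every pair of named subnets whose address ranges overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]

def path_for(dest, split_tunnel_list):
    """Simplified model of where traffic to `dest` goes once the VPN is up.

    split_tunnel_list=None models a server with no split tunneling:
    everything is tunnelled. Otherwise only destinations inside the
    listed networks are tunnelled and the rest stays on the local LAN.
    """
    addr = ipaddress.ip_address(dest)
    if split_tunnel_list is None:
        return "tunnel"
    for cidr in split_tunnel_list:
        if addr in ipaddress.ip_network(cidr):
            return "tunnel"
    return "local"

if __name__ == "__main__":
    print("Overlaps:", find_overlaps(POSTED))
    remote_only = [POSTED["remote LAN"]]
    # Constructed printer addresses, before and after renumbering the LAN.
    for printer in ("192.168.1.50", "192.168.10.50"):
        print(printer, "no split tunneling ->", path_for(printer, None))
        print(printer, "split tunneling    ->", path_for(printer, remote_only))
```

With the posted addressing, a printer at 192.168.1.50 is still tunnelled even with split tunneling enabled, because its address falls inside the remote LAN's range; after renumbering the local LAN it stays local.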
 
tadatom (Author) Commented:
The issue I have is that I have no access to the remote site, and having spoken to the support team at the remote site, they will not adjust anything. But at our end, when we connect, nothing local works (i.e. company databases, Sage, e-mails, web and printers), and if people haven't closed some of the database programs it is a hell of a job to unlock their db username to enable them to get back in, as they hadn't properly logged out.
 
lrmoore Commented:
Do you have overlapping subnets?
 
tadatom (Author) Commented:
There are no overlapping subnets.