tadatom
asked on
Cisco, VPN Client, 3.6.6, Allow Local LAN Access
When I connect to a remote network using Cisco VPN Client I lose access to my local LAN.
I have made sure that the "Allow Local LAN Access" option is enabled but when I connect and then view the status it says that this feature is disabled.
From what I can see it seems like the remote network server is overriding the local settings.
Is there anything I can do to make it allow the local LAN access because whenever the VPN is connected we are unable to access the local network printers to print out the documents that we download.
Any help would be gratefully appreciated.
Tom
Actually you want to enable Split Tunneling...
Ah yes indeedy - Friday afternoon :)
As JFrederick29 said, there is absolutely nothing you can do on your client end to change this behavior as it is controlled by the VPN server end (PIX or VPN3000?).
You can also check to be sure that the three IP subnets in use are not overlapping, i.e.:
local LAN = 192.168.1.x
VPN client subnet = 192.168.2.x
remote LAN = 192.168.1.x
There must not be any overlap. If this is the case, you can always renumber your network so that the local LAN is not the same as either the VPN client or the remote LAN. Then you might get local access.
ASKER
The issue I have is that I have no access to the remote site and having spoken to the support team at the remote site they will not adjust anything but at our end when we connect nothing local works (i.e. company databases, sage, e-mails, web & printers) and if people haven't closed some of the database programs it is a hell of a job to unlock their db username to enable them to get back in as they hadn't properly logged out.
Do you have overlapping subnets?
ASKER
There are no overlapping subnets
Enabling and Disabling Split Tunnelling
If it's v7 or 8 remove the two lines that LOOK LIKE
access-list RemoteVPN_splitTunnelAcl standard permit 192.100.1.0 255.255.255.0
split-tunnel-policy tunnelspecified
split-tunnel-network-list value RemoteVPN_splitTunnelAcl
If it's a v6 Firewall remove the lines that LOOK LIKE
access-list splitTunnelAcl permit ip 192.168.0.0 255.255.255.0 any
vpngroup groupname split-tunnel splitTunnelAcl
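The subnet overlap check and the split-tunnel network list discussed in this thread can be modelled in a few lines. This is an added example, not code from any poster or from Cisco: the function names and the printer address 192.168.5.20 are constructed, and `route_for` is a simplified model of the `tunnelspecified` policy (listed networks go through the tunnel, everything else stays local).

```python
import ipaddress
from itertools import combinations

# ACL lines as quoted in the thread (v7/8 and v6 syntax).
PAGE_V7_ACL = "access-list RemoteVPN_splitTunnelAcl standard permit 192.100.1.0 255.255.255.0"
PAGE_V6_ACL = "access-list splitTunnelAcl permit ip 192.168.0.0 255.255.255.0 any"

def find_overlaps(subnets):
    """Return the pairs of named subnets whose address ranges overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]

def parse_split_acl(config_text):
    """Collect NET/MASK from 'access-list NAME [standard] permit [ip] NET MASK ...' lines."""
    nets = []
    for line in config_text.splitlines():
        words = line.split()
        if not words or words[0] != "access-list" or "permit" not in words:
            continue
        rest = [w for w in words[words.index("permit") + 1:] if w != "ip"]
        if len(rest) >= 2:
            nets.append(ipaddress.ip_network(f"{rest[0]}/{rest[1]}"))
    return nets

def route_for(dest, split_nets):
    """Where the client sends dest: 'tunnel' or 'local'.

    An empty list models a head-end with no split tunnelling (tunnel everything).
    """
    if not split_nets:
        return "tunnel"
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in net for net in split_nets) else "local"

if __name__ == "__main__":
    # Addressing from the thread's overlap illustration.
    print(find_overlaps({"local LAN": "192.168.1.0/24",
                         "VPN client subnet": "192.168.2.0/24",
                         "remote LAN": "192.168.1.0/24"}))
    # 192.168.5.20 is a constructed local printer address.
    split = parse_split_acl(PAGE_V7_ACL)
    for label, nets in (("split tunnel", split), ("tunnel all", [])):
        print(label, route_for("192.168.5.20", nets), route_for("192.100.1.10", nets))
```

With a tunnel-all policy the printer address resolves to the tunnel, which matches the symptom in the question; a local address that falls inside a tunnelled network is also sent to the tunnel, which is why overlapping subnets break local access even with split tunnelling enabled.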