Cisco VPN

I have been allocated a Cisco VPN to my company's network which then allows me to remote desktop to my computer.

My only issue with this is that it then disconnects, or rather prevents me from accessing the internet outside of the VPN connection, i.e. I minimise the VPN session and then launch Firefox or IE etc. and nothing will work until I disconnect the VPN completely.

Why does this happen and how can I get around this so that I can use both VPN and my regular connection at the same time by multitasking?

I am using a Windows 7 Professional desktop.
Asked by hedgeselect
 
RPPreacher Commented:
Have the network administrator enable split tunneling.  That's the only way.

It's a change in the Cisco device.
0
 
ckivml Commented:
You have to turn on split tunnelling. Split tunnelling allows local traffic & internet traffic to remain local, and only sends traffic destined for the remote network through the tunnel. This option must be enabled on the appliance (ASA or router) side and cannot be enabled on the client.
0
 
ckivml Commented:
You can enable split tunneling.

Please see the URL below to do so:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml
0
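For reference, the appliance-side change the answers above refer to, shown as an added example that is not part of the thread or of the linked Cisco document: an ASA group-policy fragment with the full-tunnel setting beside the split-tunnel one. The names EXAMPLE_GP and EXAMPLE_SPLIT and the 10.0.1.0/24 network are placeholders.

```text
! Added illustration; EXAMPLE_GP, EXAMPLE_SPLIT and 10.0.1.0/24 are placeholders.

! --- Full tunnel (the ASA default) ---
! Every packet from the client, including Internet-bound traffic, is sent
! into the tunnel. This is the behaviour described in the question.
group-policy EXAMPLE_GP attributes
 split-tunnel-policy tunnelall

! --- Split tunnel ---
! The standard ACL lists the networks that are reached through the tunnel.
! Traffic to any other destination leaves the client's own connection.
access-list EXAMPLE_SPLIT standard permit 10.0.1.0 255.255.255.0
group-policy EXAMPLE_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value EXAMPLE_SPLIT

! --- Check which policy is in effect (privileged EXEC mode) ---
show running-config group-policy EXAMPLE_GP
```

Under `tunnelspecified` the client's Internet traffic no longer passes through the corporate network's controls, which is why the setting is an administrator decision and not a client option.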
 
RPPreacher Commented:
Echo.
0
 
hedgeselect (Author) Commented:
This seems a bit confusing to follow on that link.

Is there anything I can do at my end, i.e. on the Windows 7 PC or on the VPN client window?

I don't know if the setup was originally done that way for security reasons by my company. All I know is that it is extremely annoying as I have to shut down the VPN to access my email and my browser sessions.
0
 
RPPreacher Commented:
No. Must be done on the ASA or PIX.
0
 
Qlemo (Developer) Commented:
Usually you would trick the connection by defining more specific routes than the default route, but that does not work with Cisco VPN. The VPN client intercepts IP traffic and decides itself whether it is "interesting" traffic - having to pass the VPN tunnel - or "other", staying local. Without split-tunnelling no local traffic is allowed, besides the VPN tunnel itself.
0
 
Marc Z Commented:
Simplified - you cannot do anything on your end. You need to talk to your IT people and explain why you need to access the internet through their network.
Your IT people are trying to keep their network safe, and their employees working. If you need access to outside internet sites while on the job, provide them with a list of sites you need to access and they will give you access to them OR you can set up a separate machine, not VPNed to their network, and use that for your internet access while at work.
I find it hard to believe that your IT department is blocking all internet access unless you are referring to just certain sites. Typical use of VPN in a business environment is for you to access the business intranet, and not the www. Your IT people control the VPN so that if you are surfing the wrong sites, the corporate network cannot get hacked/infected.
0
 
RPPreacher Commented:
So it looks like everyone is agreeing with my original response.  Do you need any additional info before closing this?
0
 
ckivml Commented:
No, you cannot. You can ask your IT dept. Do so. They have to do this in the ASA.
0
 
diepes Commented:
One option would be to run the VPN client in a virtual machine, thus allowing the host to still see all of the network.
0
 
Boilermaker85 Commented:
This is by design. Your corporate team is trying to protect their assets by not allowing your VPN to be accessible from a malicious Internet device. If they can verify that your PC has good security, they might allow split tunneling. There are ways to do host validation of antivirus and patching up to date, and firewall turned on, etc., but since you are using the VPN Client, it is likely your IT dept has not implemented host security posture validation. At any rate, you need to balance your desire to multitask versus the amount of effort and expense for IT to engineer an exception for you. Good luck.
0
 
hedgeselect (Author) Commented:
diepes,
Funny you mention that, as I was considering doing that anyway when I get a moment.   Does anyone think that will work i.e. running VPN on a Microsoft Virtual Machine?
0
 
Qlemo (Developer) Commented:
It does. But be prepared that you need to access via the integrated GUI methods, as the "traditional" RDP will not work - no local LAN access ... VPC uses RDP, AFAIK, but not using LAN IP addresses for that, so it should still work. VMWare needs VIX or the Web browser based access method to work.

We use Cisco VPN in a VMWare session running on a server for that purpose.

From an IT administrative POV using a VM is absolutely fine, as you won't break or circumvent security.
0
 
hedgeselect (Author) Commented:
Just spoke to my IT dept now, they say that they don't permit split tunnelling.

I guess that means that the only way is to either try the MVM method or just disconnect from VPN to use personal browsing on the PC.

Thanks.
0