Cisco VPN

I have been allocated a CISCO VPN to my company's network, which then allows me to remote desktop to my computer.

My only issue with this is that it then disconnects, or rather prevents me from accessing, the internet outside of the VPN connection, i.e. I minimise the VPN session and then launch Firefox or IE etc. and nothing will work until I disconnect the VPN completely.

Why does this happen and how can I get around this so that I can use both VPN and my regular connection at the same time by multi tasking?

I am using a Windows 7 Professional desktop.
hedgeselect Asked:
 
RPPreacher Commented:
Have the network administrator enable split tunneling.  That's the only way.

It's a change in the Cisco device.
0
 
ckivml Commented:
You have to turn on split tunnelling. Split tunnelling allows local traffic & internet traffic to remain local, and only sends traffic destined for the remote network through the tunnel. This option must be enabled on the appliance (ASA or router) side and cannot be enabled on the client.
0
 
ckivml Commented:
You can enable the split tunneling.

Please see the URL below to do so:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml
0

 
RPPreacher Commented:
Echo.
0
 
hedgeselect (Author) Commented:
This seems a bit confusing to follow on that link.

Is there anything I can do on my end, i.e. on the Windows 7 PC or in the VPN client window?

I don't know if the setup was originally done that way for security reasons by my company. All I know is that it is extremely annoying, as I have to shut down the VPN to access my email and my browser sessions.
0
 
RPPreacher Commented:
No. Must be done on the ASA or PIX.
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
Usually you would trick the connection by defining more specific routes than the default route, but that does not work with Cisco VPN. The VPN client intercepts IP traffic and decides itself whether it is "interesting" traffic - having to pass the VPN tunnel - or "other", staying local. Without split-tunnelling no local traffic is allowed, besides the VPN tunnel itself.
0
 
Marc Z Commented:
Simplified - you cannot do anything on your end. You need to talk to your IT people and explain why you need to access the internet through their network.
Your IT people are trying to keep their network safe, and their employees working. If you need access to outside internet sites while on the job, provide them with a list of sites you need to access and they will give you access to them, OR you can set up a separate machine, not VPNed to their network, and use that for your internet access while at work.
I find it hard to believe that your IT department is blocking all internet access unless you are referring to just certain sites. Typical use of VPN in a business environment is for you to access the business intranet, and not the www. Your IT people control the VPN so that if you are surfing the wrong sites, the corporate network cannot get hacked/infected.
0
 
RPPreacher Commented:
So it looks like everyone is agreeing with my original response. Do you need any additional info before closing this?
0
 
ckivml Commented:
No, you cannot. You can ask your IT dept. to do so. They have to do this in the ASA.
0
 
diepes Commented:
One option would be to run the VPN client in a virtual machine, thus allowing the host to still see all of the network.
0
 
Boilermaker85 Commented:
This is by design. Your corporate team is trying to protect their assets by not allowing your VPN to be accessible from a malicious Internet device. If they can verify that your PC has good security, they might allow split tunneling. There are ways to do host validation of antivirus and patching up to date, and firewall turned on, etc., but since you are using the VPN Client, it is likely your IT dept has not implemented host security posture validation. At any rate, you need to balance your desire to multitask versus the amount of effort and expense for IT to engineer an exception for you. Good luck.
0
 
hedgeselect (Author) Commented:
diepes,
Funny you mention that, as I was considering doing that anyway when I get a moment. Does anyone think that will work, i.e. running VPN on a Microsoft Virtual Machine?
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
It does. But be prepared that you need to access via the integrated GUI methods, as the "traditional" RDP will not work - no local LAN access ... VPC uses RDP, AFAIK, but not using LAN IP addresses for that, so it should still work. VMware needs VIX or the Web browser based access method to work.

We use Cisco VPN in a VMware session running on a server for that purpose.

From an IT administrative POV using a VM is absolutely fine, as you won't break or circumvent security.
0
 
hedgeselect (Author) Commented:
Just spoke to my IT dept now; they say that they don't permit split tunnelling.

I guess that means the only way is to either try the MVM method or just disconnect from the VPN to use personal browsing on the PC.

Thanks.
0
Question has a verified solution.
