Solved

Cisco VPN

Posted on 2011-02-27
Last Modified: 2012-06-27
I have been allocated a Cisco VPN to my company's network which then allows me to remote desktop to my computer.

My only issue with this is that it then disconnects or rather prevents me from accessing the internet outside of the VPN connection, i.e. I minimise the VPN session and then launch Firefox or IE etc. and nothing will work until I disconnect the VPN completely.

Why does this happen and how can I get around this so that I can use both VPN and my regular connection at the same time by multi tasking?

I am using a Windows 7 Professional desktop.
0
Question by:hedgeselect
15 Comments
 
LVL 20

Accepted Solution

by:
RPPreacher earned 56 total points
ID: 34992591
Have the network administrator enable split tunneling.  That's the only way.

It's a change in the Cisco device.
0
 
LVL 6

Assisted Solution

by:ckivml
ckivml earned 167 total points
ID: 34992625
You have to turn on split tunnelling. Split tunnelling allows local traffic & internet traffic to remain local, and only sends traffic destined for the remote network through the tunnel. This option must be enabled on the appliance (ASA or router) side and cannot be enabled on the client.
0
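
What the appliance-side change described in this thread typically looks like on an ASA, as an added example that is not part of the original answers. The group-policy name `REMOTE_USERS_GP`, the ACL name `SPLIT_TUNNEL_ACL` and the 10.10.0.0/16 corporate network are placeholders, not values from this thread.

```cisco
! Added example. REMOTE_USERS_GP, SPLIT_TUNNEL_ACL and 10.10.0.0/16 are
! placeholders; substitute the group policy and internal networks in use.

! --- Full tunnel (the behaviour the asker is seeing) ---------------------
! tunnelall is the default policy: every packet from the client, including
! ordinary web browsing, is sent through the VPN tunnel.
group-policy REMOTE_USERS_GP attributes
 split-tunnel-policy tunnelall

! --- Split tunnel (what the answers ask the administrator to enable) ----
! 1. List the corporate networks that must travel through the tunnel.
access-list SPLIT_TUNNEL_ACL standard permit 10.10.0.0 255.255.0.0

! 2. Tunnel only those networks; all other traffic leaves the client
!    directly over its local internet connection.
group-policy REMOTE_USERS_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL

! --- Verify which policy a group is actually using -----------------------
show running-config group-policy REMOTE_USERS_GP
```

The policy is pushed to the client when the tunnel is negotiated, so a change takes effect on the next VPN connection.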
 
LVL 6

Assisted Solution

by:ckivml
ckivml earned 167 total points
ID: 34992635
You can enable split tunneling.

Please see the URL below for how to do so:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 34992655
Echo.
0
 

Author Comment

by:hedgeselect
ID: 34992680
This seems a bit confusing to follow on that link.

Is there anything I can do on my end, i.e. on the Windows 7 PC or in the VPN client window?

I don't know if the setup was originally done that way for security reasons by my company. All I know is that it is extremely annoying as I have to shut down the VPN to access my email and my browser sessions.
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 34992943
No. Must be done on the ASA or PIX.
0
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 111 total points
ID: 34993185
Usually you would trick the connection by defining more specific routes than the default route, but that does not work with Cisco VPN. The VPN client intercepts IP traffic and decides itself whether it is "interesting" traffic - having to pass the VPN tunnel - or "other", staying local. Without split-tunnelling no local traffic is allowed, besides the VPN tunnel itself.
0
 
LVL 30

Assisted Solution

by:mtz1of4
mtz1of4 earned 56 total points
ID: 34993624
Simplified - you cannot do anything on your end. You need to talk to your IT people and explain why you need to access the internet through their network.
Your IT people are trying to keep their network safe, and their employees working. If you need access to outside internet sites while on the job, provide them with a list of sites you need to access and they will give you access to them, OR you can set up a separate machine, not VPNed to their network, and use that for your internet access while at work.
I find it hard to believe that your IT department is blocking all internet access unless you are referring to just certain sites. Typical use of VPN in a business environment is for you to access the business intranet, and not the www. Your IT people control the VPN so that if you are surfing the wrong sites, the corporate network cannot get hacked/infected.
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 34993861
So it looks like everyone is agreeing with my original response.  Do you need any additional info before closing this?
0
 
LVL 6

Assisted Solution

by:ckivml
ckivml earned 167 total points
ID: 34994495
No, you cannot. You can ask your IT dept. to do so. They have to do this in the ASA.
0
 
LVL 7

Assisted Solution

by:diepes
diepes earned 55 total points
ID: 34996135
One option would be to run the VPN client in a virtual machine, thus allowing the host to still see all of the network.
0
 
LVL 7

Assisted Solution

by:Boilermaker85
Boilermaker85 earned 55 total points
ID: 34997265
This is by design. Your corporate team is trying to protect their assets by not allowing your VPN to be accessible from a malicious Internet device. If they can verify that your PC has good security, they might allow split tunneling. There are ways to do host validation of antivirus and patching up to date, and firewall turned on, etc., but since you are using the VPN Client, it is likely your IT dept has not implemented host security posture validation. At any rate, you need to balance your desire to multitask versus the amount of effort and expense for IT to engineer an exception for you. Good luck.
0
 

Author Comment

by:hedgeselect
ID: 35001078
diepes,
Funny you mention that, as I was considering doing that anyway when I get a moment.   Does anyone think that will work i.e. running VPN on a Microsoft Virtual Machine?
0
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 111 total points
ID: 35002426
It does. But be prepared that you need to access via the integrated GUI methods, as the "traditional" RDP will not work - no local LAN access ... VPC uses RDP, AFAIK, but not using LAN IP addresses for that, so it should still work. VMware needs VIX or the Web browser based access method to work.

We use Cisco VPN in a VMware session running on a server for that purpose.

From an IT administrative POV using a VM is absolutely fine, as you won't break or circumvent security.
0
 

Author Comment

by:hedgeselect
ID: 35017043
Just spoke to my IT dept now; they say that they don't permit split tunnelling.

I guess that means I can only either try the MVM method or just disconnect from the VPN to use personal browsing on the PC.

Thanks.
0
