Solved

Cisco VPN

Posted on 2011-02-27
Last Modified: 2012-06-27
I have been allocated a Cisco VPN to my company's network, which then allows me to remote desktop to my computer.

My only issue with this is that it then disconnects, or rather prevents me from accessing, the internet outside of the VPN connection, i.e. I minimise the VPN session and then launch Firefox or IE etc. and nothing will work until I disconnect the VPN completely.

Why does this happen and how can I get around this so that I can use both VPN and my regular connection at the same time by multi tasking?

I am using a Windows 7 Professional desktop.
Question by:hedgeselect

Accepted Solution

by:RPPreacher
Have the network administrator enable split tunneling.  That's the only way.

It's a change in the Cisco device.

Assisted Solution

by:ckivml
You have to turn on split tunnelling. Split tunnelling allows local traffic & internet traffic to remain local, and only sends traffic destined for the remote network through the tunnel. This option must be enabled on the appliance (ASA or router) side and cannot be enabled on the client.
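
What the appliance-side setting looks like on an ASA, as an added example that is not part of the thread or of the linked Cisco document. The group-policy name, the ACL name and the 10.10.0.0/16 subnet are placeholders chosen for illustration.

```cisco
! Constructed example: REMOTE_USERS, SPLIT_TUNNEL_ACL and 10.10.0.0/16
! are placeholders, not values from this thread.

! Standard ACL naming the corporate networks that must use the tunnel.
access-list SPLIT_TUNNEL_ACL standard permit 10.10.0.0 255.255.0.0

group-policy REMOTE_USERS internal
group-policy REMOTE_USERS attributes
 ! Full tunnel (the ASA default, and the behaviour the asker describes):
 ! every packet from the client, internet traffic included, is sent
 ! into the tunnel.
 ! split-tunnel-policy tunnelall

 ! Split tunnel: only destinations matched by the ACL are sent into the
 ! tunnel; all other traffic leaves via the client's own connection.
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL
```

With `tunnelall` the client's internet traffic is forced through the corporate network for as long as the session is up; with `tunnelspecified` it bypasses the corporate network entirely, which is the trade-off later replies in this thread describe.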

Assisted Solution

by:ckivml
You can enable split tunneling.

Please see the URL below to do so:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml

Expert Comment

by:RPPreacher
Echo.

Author Comment

by:hedgeselect
This seems a bit confusing to follow on that link.

Is there anything I can do on my end, i.e. on the Windows 7 PC or in the VPN client window?

I don't know if the setup was originally done that way for security reasons by my company. All I know is that it is extremely annoying as I have to shut down the VPN to access my email and my browser sessions.

Expert Comment

by:RPPreacher
No. Must be done on the ASA or PIX.

Assisted Solution

by:Qlemo
Usually you would trick the connection by defining more specific routes than the default route, but that does not work with Cisco VPN. The VPN client intercepts IP traffic and decides itself whether it is "interesting" traffic - having to pass the VPN tunnel - or "other", staying local. Without split-tunnelling no local traffic is allowed, besides the VPN tunnel itself.

Assisted Solution

by:Marc Z
Simplified - you cannot do anything on your end. You need to talk to your IT people and explain why you need to access the internet through their network.
Your IT people are trying to keep their network safe, and their employees working. If you need access to outside internet sites while on the job, provide them with a list of sites you need to access and they will give you access to them OR you can set up a separate machine, not VPNed to their network, and use that for your internet access while at work.
I find it hard to believe that your IT department is blocking all internet access unless you are referring to just certain sites. Typical use of VPN in a business environment is for you to access the business intranet, and not the www. Your IT people control the VPN so that if you are surfing the wrong sites, the corporate network cannot get hacked/infected.

Expert Comment

by:RPPreacher
So it looks like everyone is agreeing with my original response.  Do you need any additional info before closing this?

Assisted Solution

by:ckivml
No, you cannot. You can ask your IT dept. to do so. They have to do this in the ASA.

Assisted Solution

by:diepes
One option would be to run the VPN client in a virtual machine, thus allowing the host to still see all of the network.

Assisted Solution

by:Boilermaker85
This is by design. Your corporate team is trying to protect their assets by not allowing your VPN to be accessible from a malicious Internet device. If they can verify that your PC has good security, they might allow split tunneling. There are ways to do host validation of antivirus and patching up to date, and firewall turned on, etc., but since you are using the VPN Client, it is likely your IT dept has not implemented host security posture validation. At any rate, you need to balance your desire to multitask versus the amount of effort and expense for IT to engineer an exception for you. Good luck.

Author Comment

by:hedgeselect
diepes,
Funny you mention that, as I was considering doing that anyway when I get a moment.   Does anyone think that will work i.e. running VPN on a Microsoft Virtual Machine?

Assisted Solution

by:Qlemo
It does. But be prepared that you need to access via the integrated GUI methods, as the "traditional" RDP will not work - no local LAN access ... VPC uses RDP, AFAIK, but not using LAN IP addresses for that, so it should still work. VMware needs VIX or the Web browser based access method to work.

We use Cisco VPN in a VMware session running on a server for that purpose.

From an IT administrative POV using a VM is absolutely fine, as you won't break or circumvent security.

Author Comment

by:hedgeselect
Just spoke to my IT dept now, they say that they don't permit split tunnelling.

I guess that means that I can either try the MVM method or just have to disconnect from VPN to use personal browsing on the PC.

Thanks.