How to allow local LAN access while connected to Cisco VPN?
Posted by Ian Boyd on Super User
Published on 2011-05-17T14:23:58Z
cisco-vpn-client
|cisco
How can I maintain local LAN access while connected to Cisco VPN?
When connecting using Cisco VPN, the server has the ability to instruct the client to prevent local LAN access.
Assuming this server-side option cannot be turned off, how can I allow local LAN access while connected with a Cisco VPN client?
I used to think it was simply a matter of routes being added that capture LAN traffic with a higher metric, for example:
Network Destination  Netmask      Gateway        Interface       Metric
10.0.0.0             255.255.0.0  10.0.0.3       10.0.0.3        20      <--Local LAN
10.0.0.0             255.255.0.0  192.168.199.1  192.168.199.12  1       <--VPN Link
And trying to delete the 10.0.x.x -> 192.168.199.12 route doesn't have any effect:
>route delete 10.0.0.0
>route delete 10.0.0.0 mask 255.255.0.0
>route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1
>route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1 if 192.168.199.12
>route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1 if 0x3
And while it still might simply be a routing issue, attempts to add or delete routes fail.
At what level is the Cisco VPN client driver doing what in the networking stack that overrides a local administrator's ability to administer their machine?
The Cisco VPN client cannot be employing magic. It's still software running on my computer. What mechanism is it using to interfere with my machine's network? What happens when an IP/ICMP packet arrives on the network? Where in the networking stack is the packet getting eaten?
See also
- No internet connection with Cisco VPN
- Cisco VPN Client interrupts connectivity to my LDAP server
- Cisco VPN stops Windows 7 Browsing
- How can I prohibit the creation of a route in Windows XP upon connection to Cisco VPN?
- Rerouting local LAN and Internet traffic when in VPN
- VPN Client "Allow local LAN Access"
- Allow Local LAN Access for VPN Clients on the VPN 3000 Concentrator Configuration Example
- LAN access gone when I connect to VPN
- Windows XP Documentation: Route
Edit: Things I've not yet tried:
>route delete 10.0.*
Update: Since Cisco has abandoned their old client, in favor of AnyConnect (HTTP SSL based VPN), this question, unsolved, can be left as a relic of history.
Going forward, we can try to solve the same problem with their new client.
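How a standard IPv4 route lookup ranks the two 10.0.0.0/16 entries in the table above: longest matching prefix first, then lowest metric on a tie. This is an added example, not part of the original post; the function names are hypothetical, the default route is constructed for contrast, and it models only the routing table, not anything a VPN driver may do below it.

```python
import ipaddress
from typing import List, NamedTuple, Optional

# The two route lines from the table in the question (route print column order).
QUESTION_ROUTES = """\
10.0.0.0  255.255.0.0  10.0.0.3       10.0.0.3        20
10.0.0.0  255.255.0.0  192.168.199.1  192.168.199.12  1
"""
# Constructed default route (not from the post) to show prefix length at work.
CONSTRUCTED_DEFAULT = "0.0.0.0  0.0.0.0  10.0.0.1  10.0.0.3  20\n"


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int


def parse_routes(text: str) -> List[Route]:
    """Parse 'destination netmask gateway interface metric' lines; skip the rest."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header or blank line
        dest, mask, gateway, interface, metric = fields
        try:
            network = ipaddress.IPv4Network(f"{dest}/{mask}")
            routes.append(Route(network, gateway, interface, int(metric)))
        except ValueError:
            continue  # not a well-formed route line
    return routes


def select_route(routes: List[Route], destination: str) -> Optional[Route]:
    """Return the route a lookup would pick, or None if nothing matches."""
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    # Most specific prefix wins; among equal prefixes the lowest metric wins.
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


if __name__ == "__main__":
    table = parse_routes(QUESTION_ROUTES + CONSTRUCTED_DEFAULT)
    for dest in ("10.0.5.7", "8.8.8.8"):
        print(dest, "->", select_route(table, dest))
```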