7

I'm a developer and don't have much networking expertise, so bear with me.

I'm using the Cisco VPN Client 5.0.02.0090 to connect to my work's VPN so that I can RDP into my work computer. Once connected to the VPN, I can't ping anything on the local network, thus I am unable to access my work's network. This used to work about two weeks ago but abruptly stopped working today.

However, I have the Cisco VPN Client installed on my laptop and I am able to ping and RDP into my work computer from there. Both my desktop and laptop computers are connected to the same router at home.

I have tried the following so far:

  • Rebooted my computer
  • Reinstalled VPN client
  • Updated NIC drivers
  • Disabled firewall
  • Opened up ports 500, 4500, and 10000

Any help would be much appreciated. Thanks!

Mark Henderson
Bryan Roth
  • 1
    I don't mean to be a stickler, but if you read in the FAQ (http://serverfault.com/faq): `Server Fault is for system administrators and IT professionals, people who manage or maintain computers in a professional capacity.` - ErikA is right, you need to speak to your sysadmin. – Mark Henderson Mar 26 '10 at 02:21
  • 1
    @Fareseeker: Sorry about that. I figured it would be fair to ask a question of this nature here. – Bryan Roth Mar 26 '10 at 03:22
  • don't worry - nobody has voted to close :) – Mark Henderson Mar 26 '10 at 03:57

5 Answers

2

This is completely normal behaviour for the Cisco VPN client. In fact, many workplaces absolutely DEMAND this, as their contracts may require that if a computer is on their network, then it must ONLY be on their network (and not multi-homed).

Yes, there are ways around it, but you need to speak to your sysadmin about this.

Mark Henderson
  • I have spoken with my sysadmin about this - he is the one who gave me the setup files for the VPN client along with the correct profiles. Like I said, it worked before but abruptly stopped working. I'm perplexed. – Bryan Roth Mar 26 '10 at 03:22
  • 1
    Hi Bryan. The ShrewSoft VPN client (http://www.shrew.net/) will do what you want. It will load the Cisco profile, and will allow you to specify which networks are on the VPN, so that all the other traffic flows over the LAN. You will need to ask your sysadmin which subnets are on the remote network to get it to work. If your network and the VPN network are on the same subnet, then your only choice is to change your local network. – Mark Henderson Mar 26 '10 at 03:55
  • As to why it used to work, I'm afraid I can't help with that one! (well, there's hundreds of issues it could be, and your sysadmin is the only one who would be able to help diagnose it) – Mark Henderson Mar 26 '10 at 03:59
1

Did you try disabling the client's built-in firewall (not the one of the OS)? That frequently gets in the way.

sysadmin1138
huh
0

Well, have you talked to your IT department? Seems like the most logical first step.

EEAA
  • Yes; I went to my coworkers for help first. Then I did some research on my own and came up empty handed. So, I figured I would give it a shot here. – Bryan Roth Mar 26 '10 at 03:19
0

I have never seen a VPN configuration where the local network was accessible when the VPN connection was live. This is to protect the data from being cloned out on the LAN. The only way around this is if the VPN admin will possibly allow what is known as "split tunneling". My guess is it will be a serious no go.

duffbeer703
Liam
  • It's actually typically called split tunnelling. – EEAA Mar 26 '10 at 02:54
  • I have heard that a split tunnel was two different VPN connections for different port ranges. Possibly there is some terminology confusion at our office or it might be a case of ambiguous terminology. – Liam Mar 26 '10 at 02:59
  • 2
    Joe, I do this all the time. When I VPN into a client network remotely, I absolutely 100% must have my local LAN connectivity. You can do it in the Windows VPN connection by un-checking "use gateway on remote network", and you can bypass it on a Cisco VPN by using the http://www.shrew.net/ client if the Cisco profile has it disabled. – Mark Henderson Mar 26 '10 at 03:56
0

Make sure "Allow local lan access" is checked in the VPN client.

If you are in control of your LAN, consider changing the subnet of that LAN to one of the following if it's not this already.

  • 192.168.214.0/24
  • 192.168.215.0/24
  • 192.168.216.0/24

This is what my Sys Admin buddy told me I needed to do to make this work. YMMV.

Ed
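
The subnet conflict mentioned in the comments and in this answer can be checked before renumbering a home network. The following is an added example, not code from any poster: it assumes a simplified longest-prefix routing model under split tunnelling, and the VPN subnets and home LAN are constructed sample values (the real ones come from the sysadmin).

```python
import ipaddress

def _net(cidr):
    # strict=False accepts host addresses such as 192.168.1.10/24
    return ipaddress.ip_network(cidr, strict=False)

def find_conflicts(local_lan, vpn_subnets):
    """VPN subnets whose address range overlaps the local LAN."""
    lan = _net(local_lan)
    return [s for s in vpn_subnets if _net(s).overlaps(lan)]

def pick_free_lan(candidates, vpn_subnets):
    """First candidate LAN subnet that overlaps no VPN subnet, else None."""
    for cand in candidates:
        if not find_conflicts(cand, vpn_subnets):
            return cand
    return None

def classify(dest, local_lan, vpn_subnets):
    """Longest-prefix match for one destination under split tunnelling.

    Returns 'lan', 'vpn', 'default' (no specific route; uses the home gateway)
    or 'ambiguous' (LAN and VPN routes of equal length; a real stack breaks
    the tie by metric, so one of the two networks becomes unreachable).
    """
    addr = ipaddress.ip_address(dest)
    lan = _net(local_lan)
    lan_len = lan.prefixlen if addr in lan else -1
    vpn_len = max((n.prefixlen for n in map(_net, vpn_subnets) if addr in n),
                  default=-1)
    if lan_len == vpn_len:
        return "default" if lan_len == -1 else "ambiguous"
    return "lan" if lan_len > vpn_len else "vpn"

# Constructed sample values: the VPN subnets would come from the sysadmin.
VPN_SUBNETS = ["192.168.1.0/24", "10.20.0.0/16"]
HOME_LAN = "192.168.1.0/24"
# Candidate LAN subnets listed in the answer above.
CANDIDATES = ["192.168.214.0/24", "192.168.215.0/24", "192.168.216.0/24"]

if __name__ == "__main__":
    print("conflicts:", find_conflicts(HOME_LAN, VPN_SUBNETS))
    new_lan = pick_free_lan(CANDIDATES, VPN_SUBNETS)
    print("suggested LAN:", new_lan)
    for dest in ("192.168.1.50", "10.20.3.4", "192.168.214.10", "8.8.8.8"):
        print(dest, classify(dest, HOME_LAN, VPN_SUBNETS),
              classify(dest, new_lan, VPN_SUBNETS))
```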