04-02-2012 09:05 AM - edited 02-21-2020 05:59 PM
I connect to my corporate network using Cisco AnyConnect Secure Mobility Client. Once connected I can no longer print to my LAN attached printer and other local resources. I use the Cisco/Linksys E4200 router on my LAN and can re-connect to the storage on the local LAN by setting up Port Forwarding of port 21 and MS Windows FTP folder sharing. However, I can't seem to connect to a Terminal Services client by forwarding port 3389. Is there a way to connect to the local LAN after logging into the VPN connection? I can connect to regular HTTP/HTTPS sites and most other types of connections, just not my own local resources.
Thanks in advance...JS
04-02-2012 06:58 PM
Your corporate administrator has likely set up the AnyConnect connection to NOT allow split tunneling - i.e., allowing corporate connections to go via the VPN while at the same time allowing local (or Internet) connections to go out via the local connection.
You can confirm this on your client (when connected) by clicking the "Advanced" link in the AnyConnect client system tray icon and looking at the "Route Details" tab. Seeing 0.0.0.0 as a secured route would indicate that split tunneling is not allowed in your VPN policy.
04-03-2012 11:09 AM
Yes, therein is the problem. Since I have to disconnect from the VPN Software in order to access an already firewalled local LAN, it appears to me like an even greater risk than allowing direct access. I understand you are required to say what you did in this public thread.
Thanks for your response…JS
04-03-2012 11:12 AM
Glad to help, for what it's worth. Please mark question as answered if indeed it is and rate if the answer is helpful.
02-04-2016 07:38 AM
Hi Marvin,
I have a full tunnel profile configured for some departments. The VPN is used from a wide range of locations, so "local LAN" will have different IP networks depending on each one's location.
How can I allow local LAN access to these guys?
On the IPSEC client (on Cisco routers at least), that was possible with just one command if you remember.
Thanks in advance,
Florin.
02-04-2016 08:37 AM
When you have split tunneling enabled, the ASA or head end router policy uses an access-list to determine which networks at the main network should be tunneled. They end up in the IPsec Security Associations (SAs) and are installed as routes on the client bound to the VPN tunnel virtual interface.
Anything not explicitly on that list will continue to use the client's local default gateway for reachability to those networks.
When you're on a VPN, you can see them in the AnyConnect client's Advanced window as follows (open in new tab to zoom):
[[{"type":"media","fid":"1253711","view_mode":"default","link_text":null,"attributes":{"alt":"AnyConnect client VPN routes","title":"AnyConnect client VPN routes","height":"542","width":"837","class":"image-style-none media-element file-default"}}]]
02-05-2016 12:22 AM
Thank you Marvin!