489 Views, 0 Helpful, 3 Replies

How to access to LAN private subnet IP robbed by VPN server?

toddzhang
Level 1

Another question about the Cisco VPN dialer (3.5.2): can we access LAN private subnet IPs (like 10.* and 192.168.*) and remote VPN private subnet IPs at the same time? I have used the Nortel VPN client; it generates a different node so I can specify different routes for the private IP addresses that I prefer. In that way I can access LAN private machines and the VPN at the same time. The VPN server is set to route all private subnets through the secured tunnel, so I am not able to access LAN private subnet machines. However, I can access LAN IPs other than those listed in the VPN server table. I heard something like "split tunnel" about this. I believe how to route client traffic should totally depend on the client machine. So is there any VPN dialer version or config that allows me to manually control the route so I can reclaim those robbed IPs?

3 Replies

gfullage
Cisco Employee

You can enable "Local LAN Access" on the Headend (VPN3000) side first. Go to:

Configuration -> User Mgmt -> Group Mgmt -> Modify Group -> Client Config tab, and then configure:

Tunnel everything (select this radio button)

Allow the networks in list to bypass the tunnel (check this box)

and then under "Split Tunneling Network List", select:

VPN Client Local LAN (Default)

and reconnect your client; it should work.

Thank you for your response. Unfortunately I don't have control of the VPN server. This might be a security feature; however, I don't think it makes too much sense. Because a VPN is usually based on LAN to internet, any traffic should rely on the LAN. To limit the user from accessing the LAN is kinda ... And anyway, it didn't limit the user from accessing real LAN addresses besides the private network. And technically, I don't think the server can control the client route. Cisco must have done something in the VPN dialer to make client route control more difficult. I wonder if someone provides a lower/higher level back door to allow the user to bypass the control of the VPN dialer.

Actually this makes all kinds of sense from a network security point of view. Split tunneling is a HUGE security hole in your network design. If I have a PRIVATE LAN set up with a firewall protecting me from the internet, and then I allow, say, you to connect to my private network via VPN and allow split tunneling, I have just provided a route to my private network right around my firewall to the public internet through YOUR internet connection WITHOUT any protection to my network whatsoever.