
Is there a way to add local network access if split tunneling is not enabled by the network admin?

gaojun
Level 1

Hi Folks,

The network administrator does not enable split tunneling. Is there a "special way" to enable local network access after the VPN is connected in Cisco VPN Client (Cisco AnyConnect is not enabled/allowed by the network administrator)?

After the VPN is connected in Cisco VPN Client, the default gateway will be the remote network only. Even the local subnet that the client machine is connected to cannot be accessed. An example:

  • The client machine IP address is 192.168.0.2/24 and the local subnet is 192.168.0.0/24
  • The client machine is not even able to ping/access the default gateway of its local subnet, 192.168.0.1, once the VPN is connected

I don't think adding static routes on the client machine can achieve this. So is there a "special way" to enable local network access after the VPN is connected, at least to the local subnet that the client machine is connected to (192.168.0.0/24)?

Thanks,
Jun


Terence Payet
Level 1

Hi,

Unfortunately no. Your admin needs to enable split-tunneling.

HTH.

Regards,

Terence 

Actually, what I would like is to look for a workaround to defeat the whole purpose of not allowing split tunneling. Simply speaking, I want to "crack" it on the local machine.

I don't understand why Cisco would like to restrict it. I can copy the data from remote, disconnect the VPN, and connect to my local network, and then I can copy it anywhere I want.

If you can crack it, Cisco has a job opening for you. Maybe the NSA does too.

The principle which it is designed to prevent is having an active two-way communications channel between a compromised machine and the secured remote network. True, it does not prevent an asynchronous or asymmetrical attack vector - but no security countermeasure prevents all attacks.

Whether or not you agree with why it makes sense, that is how it is designed to work. 

Are you seriously in the Cisco Supt Forums asking how to defeat a fundamental principle of Cisco RA VPN?

Good luck with that.

Pete

Marvin Rhoads
Hall of Fame

Like Terence said - no.

If you could do that, it would defeat the whole purpose of not allowing split tunneling.

Hi Marvin, Thanks for your reply. Actually, what I would like to check is to look for a workaround to defeat the whole purpose of not allowing split tunneling. Regards, Jun