gaojun
Beginner

Is there a way to add local network access if split tunneling is not enabled by the network admin?

Hi Folks,

The network administrator does not enable the split tunneling. Is there a "special way" to enable the local network access after VPN is connected in Cisco VPN Client (Cisco AnyConnect is not enabled/allowed by the network administrator)?

After the VPN is connected in Cisco VPN Client, the default gateway will be the remote network only. Even the local subnet of the connected client machine cannot be accessed. For example:

  • The client machine IP address is 192.168.0.2/24 and the local subnet is 192.168.0.0/24
  • The client machine is not even able to ping/access the default gateway of its local subnet, 192.168.0.1, once the VPN is connected

I don't think adding static routes on the client machine can achieve this. So is there a "special way" to enable local network access after the VPN is connected, at least to the local subnet of the connected client machine (192.168.0.0/24)?

Thanks,
Jun

6 REPLIES
Terence Payet
Beginner

Hi,

Unfortunately no. Your admin needs to enable split-tunneling.

HTH.

Regards,

Terence 

Actually, what I would like is to look for a workaround to defeat the whole purpose of not allowing split tunneling. Simply speaking, I want to "crack" it on the local machine.

I don't understand why Cisco would like to restrict it? I can copy the data from remote, disconnect the VPN, and connect to my local network, and then I can copy to anywhere as I want.

If you can crack it, Cisco has a job opening for you. Maybe the NSA does too.

The principle which it is designed to prevent is having an active two-way communications channel between a compromised machine and the secured remote network. True, it does not prevent an asynchronous or asymmetrical attack vector - but no security countermeasure prevents all attacks.

Whether or not you agree with why it makes sense, that is how it is designed to work. 

Are you seriously in the Cisco Supt Forums asking how to defeat a fundamental principle of Cisco RA VPN?

Good luck with that.

Pete

Marvin Rhoads
Hall of Fame Guru

Like Terence said - no.

If you could do that, it would defeat the whole purpose of not allowing split tunneling.

Hi Marvin,

Thanks for your reply. Actually, what I would like to check is to look for a workaround to defeat the whole purpose of not allowing split tunneling.

Regards,
Jun