VPN client enable for ethernet and dialup

justinvo
Level 1

Hello All,

Is it possible to have the VPN client (3.5.2) protect both the Ethernet and dialup, instead of only the dialup?

We have a PC that needs to access the LAN and VPN at the same time, e.g. for file sharing and printing. I would like to have the FW client protect the Ethernet with its stateful capability.

I'm using VPN 3015 and VPN client 3.5.2.

thanks

Justin

5 Replies

vijkrish
Cisco Employee

By default, the CIC feature (Cisco Integrated feature) only allows connections originated by the client to be permitted. This means it should protect both dialup and LAN. Are you seeing different behaviour? Can you please elaborate?

Hello,

That's what I thought, but I just couldn't get the client to access the LAN part until I unbound the Deterministic Network Enhancer (DNE) from the NIC.

The problem I have is that traffic is going back to the corporate network but not out to the local LAN.

Is there any gotcha that I should watch out for? My profile is tunnel everything except network in list. The list contains my local LAN. The FW rules are any out/in.

Much appreciated

Justin

I have a test environment now and access to the local LAN is working, but I'm unable to put any rules against it.

Checking the FW tab shows that there are two allowed rules (inbound and outbound) and two drop rules.

I know why the two drop rules are there, but I can't find anything about the two allowed rules. The allowed rules are Any to Local and Local to Any. My current filters are blank.

Does anyone know why it's like this? I'm doing a Tunnel all except Network in List.

thanks

Justin

A bit more understanding about this CIC, where Cisco really lacks documentation.

It seems that the CIC strictly works for split tunneling only, in other words traffic going out to the same interface, e.g. cable, ADSL or dialup. Environments with traffic going out to multiple interfaces, such as dialup and NIC, will not work. The CIC seems to block everything going to the NIC.

Under Windows 2000, I can unbind the NIC from the DNE. This will allow me to access the VPN connection and the local LAN.

Under Windows NT 4, I'm still trying the combinations but have not yet been successful. Has anyone got this to work successfully?

thanks

Justin

http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel3_5_1/user_gd/vc4.htm#xtocid22

specifically says that CIC is for split tunneling only:

snip:

Centralized Protection Policy (CPP) or "Policy Pushed" as defined on the VPN Concentrator lets you define a stateful firewall policy that the VPN Client enforces for Internet traffic while a tunnel is in effect. CPP is for use during split tunneling and is not relevant for a tunnel everything configuration.

In a tunnel everything configuration, all traffic other than tunneled traffic is blocked during the tunneled connection.

Regarding dual interfaces, we will try to add/update the docs to mention this.

Thanks,

Vijay.
