Cisco Client 4.6 / 5.0 dont give lan access. Client 4.0 does

Unanswered Question
Jun 12th, 2007
User Badges:

Hello everyone.


I'm having problems with newer releases of the cisco vpn clients at our office.


We have V 4.0-rel3 that works great connecting to our production network while having access to the office network at the same time (mail and stuff).


But we when we try with vpn client v.4.6/5.0(newest) we get a problem where the user cannot use the office network while having a VPN connection to the production network.


We are using the same profiles on all the different clients, same settings in the client.


We have tried against two 515E, one 501 and one ASA with the same results, not local lan access.


Since we all use the same settings/profiles that we import, how come it works on the v4.0 client and not on the 4.6/5.0 client versions?


We are using the 6.3IOS on the 515E pixes and 7.2(1) on the ASA. the asa has split tunneling etc


And we have "Allow Local lan access" checked in the profile


anyone got a hint of whats wrong?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (1 ratings)
Loading.
htarra Tue, 06/19/2007 - 03:27
User Badges:
  • Bronze, 100 points or more

Unlike a classic split tunneling scenario in which all Internet traffic is sent unencrypted, when you enable local LAN access for VPN Clients it permits those clients to communicate unencrypted with only devices on the network on which they are located. For example, a VPN Client that is allowed local LAN access while connected to the ASA from home is able to print to its own printer, but not access the Internet without first sending the traffic over the tunnel.

An access list is used in order to allow local LAN access in much the same way that split tunneling is configured on the ASA. However, instead of defining which networks should be encrypted, the access list in this case defines which networks should not be encrypted. Also, unlike the split tunneling scenario, the actual networks in the list do not need to be known. Instead, the ASA supplies a default network of 0.0.0.0/255.255.255.255 which is understood to mean the local LAN of the VPN Client.

http://cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml#maintask1

Actions

This Discussion