Could not remote access a Cisco VPN client enabled laptop

Unanswered Question
May 8th, 2008

Hi,

I have a laptop A which is configured to VPN to my customer site. I brought it back to my office site and tested that the VPN client is OK and connected. Then I tried to remote access this laptop A from another laptop B via another interface in laptop A, and I failed to connect at all. However, when I disabled the Cisco VPN interface, I could remote access this laptop A from laptop B without any issue.

Question is:

Is there a way to configure laptop A for remote access while it is connected to the customer site via VPN?

Action taken:

I have 2 interfaces in laptop A, namely Wireless and LAN. VPN tunnels will be going through the LAN interface and remote access will be through Wireless. Hence, I have configured two different subnets for Wireless and LAN. But I still failed to remote access from laptop B to laptop A when laptop A is VPN connected.

Any advice?

Thanks in advance.

Tony

andrew.prince@m... Fri, 05/09/2008 - 05:12

Tony,

If I was your customer I would be really concerned you are trying to do this - as "anyone" in your remote location can use the laptop as a jumping off point into the remote network....in my opinion - not good. I hope you have express permission from your customer to do this?

andrew.prince@m... Fri, 05/09/2008 - 07:28

Friend, I think the question was very on track, and related to my next one.

Has your customer provided you a "split-tunneled" connection or a "tunnel all" VPN?

tacl75@hotmail.com Fri, 05/09/2008 - 18:39

Friend, now you are on track with a technical question.

I don't understand what you mean by "split-tunneled" or "tunnel all" VPN. Is it configured on the VPN client or the VPN concentrator?

andrew.prince@m... Sat, 05/10/2008 - 00:05

"Split-tunneled" is only encrypting specific IP subnet traffic - say on 172.16.1.0/24, all other traffic leaves the laptop normally through the NIC onto the local subnet.

"Tunnel All" is when the VPN is connected and ALL traffic is encrypted, no traffic will leave into the local subnet. You are encrypting 0.0.0.0

If you have a tunnel all - then you will not be able to connect to the laptop from your local subnet while the VPN is established.

The configuration is on the Concentrator - you need to change the "encryption subnet" for your VPN profile.

HTH.
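The split-tunnel versus tunnel-all distinction described above, as an added example that is not part of the original thread: it models the concentrator's "encryption subnet" list and checks whether replies to a local peer would stay on the local NIC. The peer address 192.168.50.20 and the function names are constructed for illustration, and the last case goes beyond the post to show that a split-tunnel subnet overlapping the local subnet has the same effect as tunnel all for that peer.

```python
import ipaddress


def classify_profile(encrypted_subnets):
    """Label a VPN profile from its encryption subnets.

    A 0.0.0.0/0 entry means every destination is encrypted ("tunnel all");
    anything narrower is a split tunnel.
    """
    nets = [ipaddress.ip_network(n) for n in encrypted_subnets]
    return "tunnel-all" if any(n.prefixlen == 0 for n in nets) else "split-tunnel"


def is_tunnelled(dest_ip, encrypted_subnets):
    """True if traffic to dest_ip matches an encryption subnet."""
    addr = ipaddress.ip_address(dest_ip)
    return any(addr in ipaddress.ip_network(n) for n in encrypted_subnets)


def local_peer_can_connect(peer_ip, encrypted_subnets):
    """Can a peer on the local subnet complete a session with the laptop?

    The laptop's replies must leave through the local NIC. If the peer's
    address falls inside an encryption subnet, the replies are sent into
    the tunnel instead and the local session never completes.
    """
    return not is_tunnelled(peer_ip, encrypted_subnets)


if __name__ == "__main__":
    laptop_b = "192.168.50.20"  # constructed address on the wireless subnet
    profiles = {
        "tunnel all": ["0.0.0.0/0"],
        "split tunnel": ["172.16.1.0/24"],       # subnet used in the post
        "overlapping split": ["192.168.50.0/24"],  # constructed overlap case
    }
    for name, subnets in profiles.items():
        print(name, classify_profile(subnets),
              "local access:", local_peer_can_connect(laptop_b, subnets))
```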

tacl75@hotmail.com Sat, 05/10/2008 - 00:30

Oh, I see. So after changing the VPN concentrator to "split tunneled", I would be able to remote access the laptop via its other interface? i.e. VPN through the LAN interface and remote access through Wireless, or vice versa?

andrew.prince@m... Sat, 05/10/2008 - 01:44

Yes - you would also need to make sure on the VPN client that the option "Stateful Firewall (Always On)" is disabled, as this would drop any new connections to the laptop.

HTH.

andrew.prince@m... Mon, 05/12/2008 - 00:27

Open the Cisco VPN client.

Choose "Options", then make sure "Stateful Firewall" does NOT have a black tick beside it.

andrew.prince@m... Tue, 05/13/2008 - 06:15

Sorry - I am now very confused.

1) Have you enabled "Split Tunneling" at the VPN concentrator end?

2) Have you disabled "Stateful Firewall" on the VPN client end?

3) What is the VPN Concentrator Platform? PIX? ASA? 3xxx Concentrator??

tacl75@hotmail.com Tue, 05/13/2008 - 21:39

1. I have not enabled "Split tunneling" at VPN concentrator end.

2. The client does not have a tick beside the "stateful Firewall". And there is a "(Always On)" beside the "Stateful Firewall".

3. Not too sure, because it is not owned by us.

andrew.prince@m... Wed, 05/14/2008 - 00:32

To further troubleshoot the connectivity issues - split tunneling is key, I would recommend you get this enabled to continue.

HTH.
