Could not remote access a Cisco VPN client enabled laptop

tacl75
Level 1

Hi,

I have a laptop A which is configured to VPN to my customer site. I brought it back to my office site and tested that the VPN client is OK and connected. Then I tried to remote access this laptop A from another laptop B via another interface in laptop A, and I failed to connect at all. However, when I disabled the Cisco VPN interface, I could remote access this laptop A from laptop B without any issue.

Question is:

Is there a way to configure laptop A with remote access while it is connected to the customer site via VPN?

Action taken:

I have 2 interfaces in laptop A, namely Wireless and LAN. VPN tunnels will be going through the LAN interface and remote access will be through Wireless. Hence, I have configured two different subnets for Wireless and LAN. But I still failed to remote access from laptop B to laptop A when laptop A is VPN connected.

Any advice?

Thanks in advance.

Tony

16 Replies

andrew.prince
Level 10

Tony,

If I was your customer I would be really concerned you are trying to do this - as "anyone" in your remote location can use the laptop as a jumping off point into the remote network....in my opinion - not good. I hope you have express permission from your customer to do this?

Friend, of course I have gotten their consent before doing this. You are off track now.

Friend, I think the question was very on track, and related to my next one.

Has your customer provided you a "split-tunneled" connection or a "tunnel all" VPN?

Friend, now you are on track with a technical question.

I don't understand what you mean by "split-tunneled" or "tunnel all" VPN. Is it configured on the VPN client or the VPN concentrator?

"Split-tunneled" is only encrypting specific IP subnet traffic - say on 172.16.1.0/24; all other traffic leaves the laptop normally through the NIC onto the local subnet.

"Tunnel All" is when the VPN is connected and ALL traffic is encrypted; no traffic will leave into the local subnet. You are encrypting 0.0.0.0.

If you have a tunnel all - then you will not be able to connect to the laptop from your local subnet while the VPN is established.

The configuration is on the Concentrator - you need to change the "encryption subnet" for your VPN profile.

HTH.

Oh, I see. So after changing the VPN concentrator to "split tunneled", I would be able to remote access the laptop via its other interface? I.e. VPN through the LAN interface and remote access through Wireless, or vice versa?

Yes - you would also need to make sure on the VPN client that the option "Stateful Firewall (Always On)" is disabled, as this would drop any new connections to the laptop.

HTH.

I tried to disable the "Stateful Firewall" using the CLI but failed. Is there another way to disable it?

Open the Cisco VPN client.

Choose "Options", then make sure "Stateful Firewall" does NOT have a black tick beside it.

I have done that but still failed. Any other ways?

Have you enabled split tunneling?

How do I do that in the CLI?

Sorry - I am now very confused.

1) Have you enabled "Split Tunneling" at the VPN concentrator end?

2) Have you disabled "Stateful Firewall" on the VPN client end?

3) What is the VPN Concentrator Platform? PIX? ASA? 3xxx Concentrator??
