05-08-2008 05:53 AM - edited 02-21-2020 03:43 PM
Hi,
I have a laptop A which is configured to VPN to my customer site. I brought it back to my office site and tested that the VPN client is OK and connected. Then I tried to remote access this laptop A from another laptop B via another interface in laptop A and I failed to connect at all. However, when I disabled the Cisco VPN interface, I could remote access this laptop A from laptop B without any issue.
Question is:
Is there a way to configure laptop A with remote access while it is connected to the customer site via VPN?
Action taken:
I have 2 interfaces in laptop A, namely Wireless and LAN. VPN tunnels will be going through the LAN interface and remote access will be through Wireless. Hence, I have configured two different subnets for Wireless and LAN. But I still failed to remote access from laptop B to laptop A when laptop A is VPN connected.
Any advice?
Thanks in advance.
Tony
05-09-2008 05:12 AM
Tony,
If I was your customer I would be really concerned you are trying to do this - as "anyone" in your remote location can use the laptop as a jumping-off point into the remote network... in my opinion - not good. I hope you have express permission from your customer to do this?
05-09-2008 06:44 AM
Friend, of course I have gotten their consent before doing this. You are off track now.
05-09-2008 07:28 AM
Friend, I think the question was very on track, and related to my next one.
Has your customer provided you a "split-tunneled" connection or a "tunnel all" VPN?
05-09-2008 06:39 PM
Friend, now you are on track with a technical question.
I don't understand what you mean by "split-tunneled" or "tunnel all" VPN. Is it configured on the VPN client or the VPN concentrator?
05-10-2008 12:05 AM
"Split-tunneled" is only encrypting specific IP subnet traffic - say on 172.16.1.0/24, all other traffic leaves the laptop normally through the NIC onto the local subnet.
"Tunnel All" is when the VPN is connected and ALL traffic is encrypted, no traffic will leave into the local subnet. You are encrypting 0.0.0.0
If you have a tunnel all - then you will not be able to connect to the laptop from your local subnet while the VPN is established.
The configuration is on the Concentrator - you need to change the "encryption subnet" for your VPN profile.
HTH.
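
Added example, not part of any post in this thread: a simplified Python model of the "encryption subnet" decision described above, showing why replies to a local peer are pulled into the tunnel under "tunnel all" but not under split tunneling. The laptop B address and the overlapping-subnet case are constructed for illustration; a real client applies further checks, such as its own firewall.

```python
import ipaddress

def egress(dst, protected_networks):
    """Return 'tunnel' if dst falls inside any network the VPN profile
    encrypts, otherwise 'local' (sent out of the NIC onto the local subnet)."""
    addr = ipaddress.ip_address(dst)
    for net in protected_networks:
        if addr in ipaddress.ip_network(net):
            return "tunnel"
    return "local"

def reachable_from_lan(peer, protected_networks):
    """An inbound session from a local peer can only complete if the
    laptop's replies to that peer leave locally, not into the tunnel."""
    return egress(peer, protected_networks) == "local"

# "Tunnel all": the profile encrypts 0.0.0.0, i.e. every destination.
TUNNEL_ALL = ["0.0.0.0/0"]
# Split tunnel: only the subnet used as the example in the post above.
SPLIT_TUNNEL = ["172.16.1.0/24"]
# Constructed edge case: the protected subnet overlaps the office subnet.
SPLIT_OVERLAP = ["192.168.10.0/24"]
# Constructed address for laptop B on the office wireless subnet.
LAPTOP_B = "192.168.10.20"

def report(peer=LAPTOP_B):
    """Summarise, per profile, whether the local peer can reach the laptop."""
    profiles = {
        "tunnel-all": TUNNEL_ALL,
        "split-tunnel": SPLIT_TUNNEL,
        "split-overlap": SPLIT_OVERLAP,
    }
    return {name: reachable_from_lan(peer, nets)
            for name, nets in profiles.items()}

if __name__ == "__main__":
    for name, ok in report().items():
        state = "reachable" if ok else "NOT reachable"
        print(f"{name:14s} laptop B -> laptop A: {state}")
```

The overlap case shows that split tunneling alone is not sufficient when the protected subnet covers the address range of the local network.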
05-10-2008 12:30 AM
Oh, I see. So after changing the VPN concentrator to "split tunneled", I would be able to remote access the laptop via its other interface? i.e. VPN through LAN interface and remote access through Wireless or vice versa?
05-10-2008 01:44 AM
Yes - you would also need to make sure on the VPN client that the option "Stateful Firewall (Always On)" is disabled, as this would drop any new connections to the laptop.
HTH.
05-11-2008 10:14 PM
I tried to disable the "Stateful Firewall" using the CLI but failed. Is there another way to disable it?
05-12-2008 12:27 AM
Open the Cisco VPN client
Choose "Options" then make sure "Stateful Firewall" does NOT have a black tick beside it.
05-13-2008 04:37 AM
I have done that but still failed. Any other ways?
05-13-2008 04:44 AM
Have you enabled split tunneling?
05-13-2008 05:05 AM
How do I do that in the CLI?
05-13-2008 06:15 AM
Sorry - I am now very confused.
1) Have you enabled "Split Tunneling" at the VPN concentrator end?
2) Have you disabled "Stateful Firewall" on the VPN client end?
3) What is the VPN concentrator platform? PIX? ASA? 3xxx Concentrator?