10-02-2010 01:15 AM
Hi, my question is about how to allow access to the local LAN behind the Cisco VPN Client.
Using:
Can the Cisco VPN Client inject local routes into the Cisco ASA route table?
Thanks.
10-02-2010 01:55 AM
Hi Vladimir,
I suppose you have already configured the remote access VPN. You might want to take a look at this document.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml#s2
My understanding is that you want your local LAN resources to be accessible to the PC running the VPN client without passing through the tunnel. E.g., you want to be able to use your local printer from the PC connected to the VPN, without passing traffic for the printer through the tunnel.
I hope this helps.
Regards,
Namit
10-02-2010 02:51 AM
Hi, Namit
I have seen this document, but I want to allow secure access from corporate resources to the local LAN that is behind the PC with Cisco VPNC via IPsec.
Please look at my simple network topology (figure attached).
The IP pool for the VPN client ranges from 172.20.0.0 to 172.20.7.254
The remote LAN address is 10.x.y.0/24
The corporate LAN address is 192.168.0.0/16
My question is: can the Cisco VPN Client send its static routes to the secure device via any dynamic routing protocol (RIP, EIGRP or OSPF)?
Now on the Cisco ASA it looks like this:
asa#sh routes
D 172.18.0.104 255.255.255.248 [90/3072] via 172.31.2.2, 88:59:24, inside
D 172.18.0.88 255.255.255.248 [90/3072] via 172.31.2.2, 88:41:48, inside
D EX 172.18.0.80 255.255.255.248 [170/259072] via 172.31.2.2, 88:59:24, inside
D 172.21.0.240 255.255.255.248 [90/3072] via 172.31.2.2, 88:59:24, inside
D 172.21.0.8 255.255.255.248 [90/3072] via 172.31.2.2, 88:59:24, inside
D 172.21.0.0 255.255.255.248 [90/3072] via 172.31.2.2, 88:59:24, inside
S 172.20.5.153 255.255.255.255 [1/0] via 84.253.79.1, outside
S 172.20.5.149 255.255.255.255 [1/0] via 84.253.79.1, outside
S 172.20.5.148 255.255.255.255 [1/0] via 84.253.79.1, outside
S 172.20.5.151 255.255.255.255 [1/0] via 84.253.79.1, outside
S 172.20.5.150 255.255.255.255 [1/0] via 84.253.79.1, outside
S 172.20.5.145 255.255.255.255 [1/0] via 84.253.79.1, outside
S 172.20.5.147 255.255.255.255 [1/0] via 84.253.79.1, outside
S 172.20.5.146 255.255.255.255 [1/0] via 84.253.79.1, outside
S 172.20.5.141 255.255.255.255 [1/0] via 84.253.79.1, outside
S 172.20.5.143 255.255.255.255 [1/0] via 84.253.79.1, outside
And I want to get a dynamic route to the remote LAN via IPsec:
D 10.x.y.0 255.255.255.0 [90/3072] via 172.21.6.3, 55:59:24, outside
OR
O 10.x.y.0 255.255.255.0 [110/3072] via 172.21.6.3, 55:59:24, outside
Sorry for my English. Thanks.
10-02-2010 03:05 AM
Hi Vladimir,
Unfortunately, that is not a supported feature if you are connecting via VPN Client. With VPN Client, only the VPN Client can access the local VPN Client LAN machines/hosts, not hosts from the corporate LAN, as VPN Client is not designed for access from the corporate LAN but to the corporate LAN.
If you would like to have access from your corporate LAN towards your local LAN, you would need to configure a LAN-to-LAN tunnel.
10-02-2010 03:14 AM
Hi Jennifer,
Unfortunately I was surmised about it
Thanks for your answer