Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
998
Views
5
Helpful
4
Replies

Cisco VPN 3000 how to access local LAN ?

Riccardo Veraldi
Level 1
Level 1

‎02-01-2011 02:31 AM

Hello,

in my company we use Cisco VPN 3020.

Actually users connect using CiscoVPN Client, and all traffic is routed into the VPN so that users gets

a remote IP Address of the remote public LAN.

The problem is that when using VPN users cannot acces anymore their local LAN at home.

How can i allow users local LAN access ?

All traffic is sent into the VPN also traffic for local LAN.

thank you

Riccardo

Labels:
0 Helpful
4 Replies 4

Jennifer Halim
Cisco Employee
Cisco Employee

‎02-01-2011 04:22 AM

Do you have split tunnel configured for that VPN group?
You would need to configure split tunnel to allow access to the local LAN so not everything is encrypted and sent through the tunnel.

Also, the local LAN where the VPN Client is connected from needs to be in different subnet to the office LAN otherwise traffic will be routed through the VPN tunnel.

Here is a sample configuration on configuring split tunnel:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00806f34fa.shtml

Hope that helps.

0 Helpful

Riccardo Veraldi
Level 1
Level 1
In response to Jennifer Halim

‎02-02-2011 07:11 AM

thank you very much, I'll try to enable split tunneling.

I hoped there were a way to allow local LAN access without having to configure split tunneling.

For example using MacOSX embedded VPN client with Cisco IPSec profile everything works

also local LAN access without using split tunneling.

My problem is with using Cisco VPN cientlocal LAN Access does not work.

Riccardo

0 Helpful

hdashnau
Cisco Employee
Cisco Employee
In response to Riccardo Veraldi

‎02-02-2011 08:57 AM


There is a local lan option without split tunneling for the concentrator. It is in the section Configuration | User Management |

Heres the information about this setting from the concentrator help pages: "If users in this group need access to local networks, choose Allow Networks in List to Bypass Tunnel. This option allows you to define a list of networks to which traffic goes in the clear. This feature is useful for remote users who want to access devices on their local network, such as printers, while they are connected to the corporate network through a tunnel."

I hope this helps you.
-heather

Please remember to rate all posts that helped you and also mark the question as resolved if your question has been addressed.

Riccardo Veraldi
Level 1
Level 1
In response to hdashnau

‎02-02-2011 11:26 PM

yes it really helps a lot.

thank you

0 Helpful
Customers Also Viewed These Support Documents