Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Allow Local LAN Access

Can someone explain exactly what the "Allow Local LAN Access" checkbox does in the VPN client? How is the behavior of the client affected with and without this box checked with split tunneling enabled and disabled at the VPN server (ASA/PIX/Concentrator)?

7 REPLIES
Community Member

Re: Allow Local LAN Access

It allow users to access the local networks while the VPN is established.

Refer this link for more info:

It allow users to access the local networks while the VPN is established.

Community Member

Re: Allow Local LAN Access

Yes, but what does that mean? Split tunneling allows the user to access local networks while the VPN is established, too (because only traffic to explicitly configured networks tunneled).

What, precisely, does the checkbox do when split tunneling is enabled, and when it is not?

Community Member

Re: Allow Local LAN Access

Bump.

Green

Re: Allow Local LAN Access

It's basically split tunnelling but only allowing access to local lan, not the internet.

Community Member

Re: Allow Local LAN Access

So:

a) If split tunneling is enabled and configured on the concentrator, what effect does checking this box have?

b) If split tunneling is disabled on the concentrator, what effect does checking this box have?

Green

Re: Allow Local LAN Access

a) It allows you to split tunnel.

b) It would have no effect if not enabled on the concentrator.

Community Member

Re: Allow Local LAN Access

re-bump.  I'm in a similar situation where I need to know what "Allow Local LAN Access" is doing rather than a summation of what the end goal is intended to be.

When I configure my ACS for "Tunnel Everything except Local-LAN", the user gets a secured route for 0.0.0.0/0 from the 3000 Concentrator.  When the VPN client also has "Allow Local LAN Access" selected they get 10/8 172.16/12 and 192.168/16 in their unsecured routes.  Neither of these are the end goal as the intent is to have ACS inform the Concentrator to hand out a 0.0.0.0/0 secured route and a 192.168.x.x/x unsecured route for the local lan.

Is ACS calling the wrong group on the Concentrator?  Is the Concentrator misconfigured?  Is the Client causing the rfc 1918 routes to show up on the wrong side?.  What are these things -doing-?

691
Views
0
Helpful
7
Replies
CreatePlease to create content