Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

Cisco Client 4.6 / 5.0 dont give lan access. Client 4.0 does

Hello everyone.

I'm having problems with newer releases of the cisco vpn clients at our office.

We have V 4.0-rel3 that works great connecting to our production network while having access to the office network at the same time (mail and stuff).

But we when we try with vpn client v.4.6/5.0(newest) we get a problem where the user cannot use the office network while having a VPN connection to the production network.

We are using the same profiles on all the different clients, same settings in the client.

We have tried against two 515E, one 501 and one ASA with the same results, not local lan access.

Since we all use the same settings/profiles that we import, how come it works on the v4.0 client and not on the 4.6/5.0 client versions?

We are using the 6.3IOS on the 515E pixes and 7.2(1) on the ASA. the asa has split tunneling etc

And we have "Allow Local lan access" checked in the profile

anyone got a hint of whats wrong?



Re: Cisco Client 4.6 / 5.0 dont give lan access. Client 4.0 does

Unlike a classic split tunneling scenario in which all Internet traffic is sent unencrypted, when you enable local LAN access for VPN Clients it permits those clients to communicate unencrypted with only devices on the network on which they are located. For example, a VPN Client that is allowed local LAN access while connected to the ASA from home is able to print to its own printer, but not access the Internet without first sending the traffic over the tunnel.

An access list is used in order to allow local LAN access in much the same way that split tunneling is configured on the ASA. However, instead of defining which networks should be encrypted, the access list in this case defines which networks should not be encrypted. Also, unlike the split tunneling scenario, the actual networks in the list do not need to be known. Instead, the ASA supplies a default network of which is understood to mean the local LAN of the VPN Client.

CreatePlease to create content