Connecting to local LAN after connecting to AnyConnect Secure Mobility Client
I connect to my corporate network using Cisco AnyConnect Secure Mobility Client. Once connected, I can no longer print to my LAN-attached printer or reach other local resources. I use the Cisco/Linksys E4200 router on my LAN and can re-connect to the storage on the local LAN by setting up Port Forwarding of port 21 and MS Windows FTP folder sharing. However, I can't seem to connect to a Terminal Services client by forwarding port 3389. Is there a way to connect to the local LAN after logging into the VPN connection? I can connect to regular HTTP/HTTPS sites and most other types of connections, just not my own local resources.
Connecting to local LAN after connecting to AnyConnect Secure Mo
Your corporate administrator has likely set up the AnyConnect connection to NOT allow split tunneling - i.e., allowing corporate connections to go via the VPN while at the same time allowing local (or Internet) connections to go out via the local connection.
You can confirm this on your client (when connected) by clicking the "Advanced" link in the AnyConnect client system tray icon and looking at the "Route Details" tab. Seeing 0.0.0.0 as a secured route would indicate that split tunneling is not allowed in your VPN policy.
Re: Connecting to local LAN after connecting to AnyConnect Secur
Yes, therein is the problem. Since I have to disconnect from the VPN Software in order to access an already firewalled local LAN, it appears to me like an even greater risk than allowing direct access. I understand you are required to say what you did in this public thread.
When you have split tunneling enabled, the ASA or head end router policy uses an access-list to determine which networks at the main network should be tunneled. They end up in the IPsec Security Associations (SAs) and are installed as routes on the client bound to the VPN tunnel virtual interface.
Anything not explicitly on that list will continue to use the client's local default gateway for reachability to those networks.
When you're on a VPN, you can see them in the AnyConnect client's Advanced window.
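The Route Details check and the split-tunnel routing behaviour described in the replies above can be modelled in a few lines. This is an added example, not part of the original thread or Cisco's code. It assumes route selection is a plain longest-prefix match over the secured and non-secured prefixes copied from the Route Details tab, and every address and prefix in it is constructed sample data.

```python
import ipaddress

def is_full_tunnel(secured):
    """True when a default route (prefix length 0) is listed as secured."""
    return any(ipaddress.ip_network(p, strict=False).prefixlen == 0
               for p in secured)

def classify(dest, secured, non_secured=()):
    """Return 'tunnel' or 'local' for dest using longest-prefix match.

    secured / non_secured: prefix strings as read from the Route Details tab.
    A destination that matches neither list falls back to the client's
    local default gateway, as in a split-tunnel policy.
    """
    addr = ipaddress.ip_address(dest)
    best = None  # (prefix length, verdict) of the most specific match so far
    for verdict, prefixes in (("tunnel", secured), ("local", non_secured)):
        for p in prefixes:
            net = ipaddress.ip_network(p, strict=False)
            if net.version != addr.version or addr not in net:
                continue
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, verdict)
    return best[1] if best else "local"

# Constructed sample policies (not taken from any real VPN profile).
FULL_TUNNEL = ["0.0.0.0/0"]                   # split tunneling not allowed
SPLIT_INCLUDE = ["10.0.0.0/8", "172.16.0.0/12"]  # only corporate prefixes
LOCAL_LAN = ["192.168.1.0/24"]                # listed as non-secured route

# Constructed hosts: a LAN printer, a LAN RDP host, a corporate server.
HOSTS = {"printer": "192.168.1.50", "rdp-host": "192.168.1.20",
         "corp-app": "10.20.30.40"}

def report(secured, non_secured=()):
    """Map each sample host to the path its traffic would take."""
    return {name: classify(ip, secured, non_secured)
            for name, ip in HOSTS.items()}

if __name__ == "__main__":
    for label, sec, nonsec in (("full tunnel", FULL_TUNNEL, ()),
                               ("split include", SPLIT_INCLUDE, ()),
                               ("full + local LAN", FULL_TUNNEL, LOCAL_LAN)):
        print(label, "| full tunnel:", is_full_tunnel(sec), "|",
              report(sec, nonsec))
```

With only 0.0.0.0/0 secured, the printer and RDP host resolve to the tunnel, which matches the symptom in the question. They resolve to the local path only when the policy either omits the default route or lists the LAN prefix as non-secured.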