Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

How to allow access to local lan behind cisco vpn client

Hi, my question is about how to allow access to local lan behind cisco vpn client

Using:

  • Cisco 5500 Series Adaptive Security Appliance(ASA) that runs software           version 8.2
  • Cisco VPN Client software version 5.0

Can Cisco VPN Client inject a local routes into Cisco ASA route table?

Thanks.

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: How to allow access to local lan behind cisco vpn client

Hi Vladimir,

Unfortunately that is not a supported feature if you are connecting via VPN Client. With VPN Client, only the VPN Client can access the local VPN Client LAN machine/host, not host from the corporate LAN as VPN Client is not designed for access from the Corporate LAN but to the Corporate LAN.

If you would like to have access from your corporate LAN towards your local LAN, you would need to configure LAN-to-LAN tunnel.

4 REPLIES
Cisco Employee

Re: How to allow access to local lan behind cisco vpn client

Hi Vladimir,

I suppose you have already configured the remote access VPN. You might want to take a look at this document.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml#s2

My understanding is that you want your local LAN resources to be accessible to the PC running the VPN client without passing through the tunnel. eg. You want to be able to use your local printer from the PC connected to the VPN, without passing traffic for the printer through the tunnel.

I hope this helps.

Regards,

Namit

Community Member

Re: How to allow access to local lan behind cisco vpn client

Hi, Namit

I have seen this document, but I want allow secure access from corporate resources to local lan that behind the PC with Cisco VPNC via IPsec.

Please loot at my simple network topology (figure attached).

ip pool for vpn client is range from 172.20.0.0 to 172.20.7.254

remote lan address is 10.x.y.0/24

corporate lan address is 192.168.0.0/16

My question is can the Cisco VPN Client send it static routes into secure device via any dynamic routing protocols RIP, EIGRP or OSPF

Now on cisco asa it looks as:

asa#sh routes

D    172.18.0.104 255.255.255.248 [90/3072] via 172.31.2.2, 88:59:24, inside
D    172.18.0.88 255.255.255.248 [90/3072] via 172.31.2.2, 88:41:48, inside
D EX 172.18.0.80 255.255.255.248 [170/259072] via 172.31.2.2, 88:59:24, inside
D    172.21.0.240 255.255.255.248 [90/3072] via 172.31.2.2, 88:59:24, inside
D    172.21.0.8 255.255.255.248 [90/3072] via 172.31.2.2, 88:59:24, inside
D    172.21.0.0 255.255.255.248 [90/3072] via 172.31.2.2, 88:59:24, inside
S    172.20.5.153 255.255.255.255 [1/0] via 84.253.79.1, outside
S    172.20.5.149 255.255.255.255 [1/0] via 84.253.79.1, outside
S    172.20.5.148 255.255.255.255 [1/0] via 84.253.79.1, outside
S    172.20.5.151 255.255.255.255 [1/0] via 84.253.79.1, outside
S    172.20.5.150 255.255.255.255 [1/0] via 84.253.79.1, outside
S    172.20.5.145 255.255.255.255 [1/0] via 84.253.79.1, outside
S    172.20.5.147 255.255.255.255 [1/0] via 84.253.79.1, outside
S    172.20.5.146 255.255.255.255 [1/0] via 84.253.79.1, outside
S    172.20.5.141 255.255.255.255 [1/0] via 84.253.79.1, outside
S    172.20.5.143 255.255.255.255 [1/0] via 84.253.79.1, outside

And I want get dynamic route to remote lan via IPsec

D    10.x.y.0 255.255.255.0 [90/3072] via 172.21.6.3, 55:59:24, outside

OR

O    10.x.y.0 255.255.255.0 [110/3072] via 172.21.6.3, 55:59:24, outside

Sorry for my english, Thanks

Cisco Employee

Re: How to allow access to local lan behind cisco vpn client

Hi Vladimir,

Unfortunately that is not a supported feature if you are connecting via VPN Client. With VPN Client, only the VPN Client can access the local VPN Client LAN machine/host, not host from the corporate LAN as VPN Client is not designed for access from the Corporate LAN but to the Corporate LAN.

If you would like to have access from your corporate LAN towards your local LAN, you would need to configure LAN-to-LAN tunnel.

Community Member

Re: How to allow access to local lan behind cisco vpn client

Hi Jennifer,

Unfortunately I was surmised about it

Thanks for you answer

5216
Views
0
Helpful
4
Replies
CreatePlease to create content