Cisco vpn client question

By rlynch@lockhartcadillac.
I have a PC sitting on my network behind a SonicWall NSA 240 on a 10.22.92. subnet. One of our machines has a new application installed on it which needs the Cisco VPN client software to connect that application to its server end. Whenever I start the Cisco VPN client, this machine drops off the LAN, thus losing access to local servers and shares. The application works just fine, and I can get to the internet; however, I can't ping his machine anymore from any other machine on the same LAN. I know there is a setting on the Cisco client that allows you to keep the LAN connection; however, on their end they have it set so you can't use that feature. So changing it on my end does nothing. Would placing another NIC in the machine and using it for the LAN connection while the other NIC is used for the VPN connection work at all? I could even put the second NIC on another NSA interface, giving it another subnet and allowing that interface access to the LAN; that would at least get everything up and going. I just didn't know if there was a way to bind that Cisco VPN client to one network adapter. I would appreciate any help or ideas. Thanks in advance.


what is the purpose of a remote connection in relation to

by CG IT In reply to Cisco vpn client question

accessing resources on the local network?

Isn't the remote connection for allowing the worker to access the "database" and do work?

When done, are they not required to disconnect?

If so, why the need to also access local LAN resources? If anything, that's what you don't want unless there are nefarious plans about.


thanks for reply

The network that this machine sits on is where most of his resources are. Most of his work is done on the LAN along with servers on the LAN. This one new application is from a 3rd-party vendor, and they require us to install and use the Cisco VPN client software to connect his machine and allow that application to communicate with their end. So when we establish that VPN client session, he loses all local resources, therefore losing the ability to do everything else except use that new application. He loses all LAN resources when that VPN is connected. Also, the VPN session must remain open for most of the day because he's using it a lot, so closing it out every time he wants to get to a LAN resource isn't an option. Thanks again.


only suggestion I can come up with is use offline files for mapped drives

by CG IT In reply to thanks for reply

that way they're available as a local machine source.

While you can jury-rig something else up, such as multiple network cards [thus making the machine a quasi router], you just made his computer setup complex and prone to problems.


Gateway Issue

by Ekline In reply to Cisco vpn client question

Your problem is the default gateway. Did you run TRACERT to troubleshoot the way your network traffic is going?

Once you VPN to the other network, your system will abide by the policies for that VPN RADIUS server.

If the RADIUS Server was configured to force a proxy gateway, that is why you can not access resources. The limitation is that you're forced to use a remediation network. I'm sure if you change your gateway setting once you're on the VPN, it will resolve that issue. Depending on the policies applied. So when you're connected, that system belongs on that network. Your way back is to the internet back to your own network via internet.

Your network traffic went through the external network and connected to the public IP VPN interface. You just have to place yourself... what is your new IP... VPN doesn't keep you in the network. Virtually, you belong to a new network now. With a new IP, subnet, and gateway. Figure out what that is, run some basic network troubleshooting.

This is a tunnel that you're trapped in until you disconnect the VPN. So if this application only works while connected to the other system, then you do need to branch that system from 2 networks. You may also be able to re-configure multiple gateways by going to the advanced settings in IPv4 configuration. A second NIC would just take a lot less productivity time to share both resources!

So go for the second NIC. Just realize that your system is also a bridge back to your network... So configure the firewall on the system thoroughly.
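The gateway diagnosis discussed in this thread can be checked from the routing table rather than guessed at. The following is an added example, not part of any post above: it parses rows in the layout of Windows `route print` and picks the egress interface by longest prefix, then lowest metric. All addresses, metrics and both tables are constructed sample data and do not describe what any particular VPN client installs.

```python
import ipaddress

# Constructed sample rows: destination, netmask, gateway, interface, metric.
BEFORE_VPN = """\
0.0.0.0          0.0.0.0      192.168.50.1    192.168.50.20     25
192.168.50.0     255.255.255.0     On-link    192.168.50.20    281
"""
# Constructed table for a forced-tunnel policy: tunnel routes win on metric.
AFTER_VPN = """\
0.0.0.0          0.0.0.0      192.168.50.1    192.168.50.20   4250
0.0.0.0          0.0.0.0      172.16.200.1    172.16.200.15      1
192.168.50.0     255.255.255.0     On-link    192.168.50.20   4506
192.168.50.0     255.255.255.0  172.16.200.1  172.16.200.15      1
172.16.200.0     255.255.255.0     On-link    172.16.200.15    257
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples; skip non-route lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # header text or a malformed row
    return routes

def select_route(routes, target):
    """Longest prefix wins; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3])) if matches else None

def egress_interface(table_text, target):
    """Local interface address that traffic to `target` would leave from."""
    route = select_route(parse_routes(table_text), target)
    return route[2] if route else None

if __name__ == "__main__":
    # 192.168.50.10 stands in for a LAN server, 198.51.100.7 for an internet host.
    for target in ("192.168.50.10", "198.51.100.7"):
        print(target, egress_interface(BEFORE_VPN, target),
              "->", egress_interface(AFTER_VPN, target))
```

Run it against saved `route print` output taken before and after connecting; a LAN destination whose egress interface changes to the VPN adapter confirms that the tunnel policy, not the local NIC, is what cuts off local resources.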
