Any cisco pros around?

MaXXeH · 6 Jul 2008 at 16:42

I am having a problem with a cisco 857W with IPSEC

Can connect in fine but can not get any home network data.

I have ticked the box in cisco client so it should give me access, Is there a line you have to put in the cisco to make this work?

doing my head in now :mad:

Chief Wiggum · 6 Jul 2008 at 16:45

it's not clear what you're trying to do - is it an IPSEC VPN? so you can access stuff remotely?

Or something else?

Cheers

Kev

MaXXeH · 6 Jul 2008 at 16:49

Yea it is CISCO IPsec VPN.

When you connect into the office with cisco it cuts you of from any networks you are woking on localy.

There is a button in cisco client that says allow local networks but once ticked you still get cut of.

I have been going though the config but cant see any thing that stops you getting local access to your network once connected.

So i though there may be a line you have to put in the cisco to allow you to access your local network data. eg, shared drives

Chief Wiggum · 6 Jul 2008 at 16:52

hmm, will have to check but I think ticking the 'allow local lan' access on the VPN client should do it.
Your network in the home doesn't overlap the office one?
edit / just checked - you need config on the router end - just having a look now

MaXXeH · 6 Jul 2008 at 16:55

Nope, we have over 100 customers and they all have the same problem. Just can’t work out where I am going wrong!

Chief Wiggum · 6 Jul 2008 at 17:21

I'm still looking for the config you need (none of my routers have an IPSEC ios on them at the moment! lol) The cisco book says that you can permit up to 10 networks for local lan access, which will be by IP address only - name resolution will go via the VPN to the defined name servers which won't know the 'local' names for the home network.

I'll see what I can look up, but I'm about to shoot out - so one of the other bods will probably answer more fully...

Peace · 6 Jul 2008 at 17:27

split tunneling is the way forward really so the client knows which traffic to route via the vpn and won't touch local traffic.
Yes the 'Allow Local Lan Access' should normally do the trick but it doesn't work all the time.
Did you check the vpn statistics to see if the local subnet is still in the 'local Lan routes' ?

Tui · 6 Jul 2008 at 22:16

Split tunneling is what is wanted but the configuration needs to be done at the server end, not the client. You need to configure an ACL with the network(s) to be tunneled.
http://www.cisco.com/en/US/docs/ios/12_2t/secure/command/reference/sftike.html#wp1041589