I cannot route to remote subnets from cisco vpn client and pptp client
Hi guys,
I've a big problem, I configured a 877 cisco router as a cisco vpn server (the customer use it to connect to his network from pc) and a pptp vpn server (he use it to connet to the network from a smartphone).
In this router I created 2 vlan, one for wired network (192.168.10.0/24) and the second one (10.0.0.0/24) for wireless clients and I use fastethernet 3 port to connect these to the router.
this is the issue, when the customer try to connect to a wireless network from both of vpn clients he cannot do this, but if he try to connect to a wired network client all working fine.
following the addresses taken from the router.
- encrypted vpn client -
ip address. 192.168.10.20
netmask 255.255.255.0
Default Gateway. none (blank)
- pptp vpn client -
ip address. 192.168.10.21
netmask. 255.255.255.255
Default Gateway. 192.168.10.21
Is possible that I cannot reach the remote subnet because the clients doesn't receive a gateway (in the first case) or receive the wrong subnet/gateway (in the second one)..?
There is anyone can help me..?
Thank you very much.
Many Kisses and Kindly Regards..
Ilaria
The default gateway on your PC is not the problem, it will always show as the same IP address (this is no different when you dial up to an ISP, your DG will again be set to your negotiated IP address).
The issue will be routing within the campus network and more importantly on the PIX itself. The campus network needs a route to the VPN pool of addresses that eventually points back to the PIX.
The issue here is that the PIX will have a default gateway pointing back out towards your laptop. When you establish a VPN and try and go to an Internet address, the PIX is going to route this packet according to its routing table and send it back out the interface it came in on. The PIX won't do this, and the packet will be dropped. Unless you can set the PIX's routing table to forward Internet packets to the campus network, there's no way around this. Of course if you do that then you'll break connectivity thru the PIX for all the internal users.
The only way to do this is to configure split tunnelling on the PIX, so that packets destined for the Internet are sent directly from your laptop in the clear just like normal, and any packet destined for the campus network is encrypted and sent over the tunnel.
Here's the format of the command:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1048524
Similar Messages
-
Cannot find deployed Remote Bean from external client
I have a very simple Stateless Session bean running in the SAS PE 9, which from what I can see has been successfully deployed. The application is listed as enabled in the Admin Console. Likewise, when I look at the JNDI tree, I can see the following entries at the top:
com.intecbilling.svConnectorHarness.TestRunnerRemote
This is the name of the Remote Interface, that I have defined for the ejb TestRunnerBean. It does very little:
package com.intecbilling.svConnectorHarness;
import javax.ejb.Stateless;
@Stateless
public class TestRunnerBean implements TestRunnerRemote, TestRunnerLocal {
public void runTest() {
System.out.println("Running test!");
}and the Remote Interface is
package com.intecbilling.svConnectorHarness;
import java.rmi.RemoteException;
import javax.ejb.Remote;
@Remote
public interface TestRunnerRemote {
void runTest() throws RemoteException;
}Now, I'm trying to call this runTest() method from an external client. The client code looks like
public void connectUsingJNDI(String paramName) throws NamingException {
Properties env = new Properties();
env.put("java.naming.factory.initial", initialFactory);
env.put("java.naming.provider.url", providerUrl);
String myJndi = jndiName;
if (paramName != null) {
myJndi = paramName;
Context ctx = new InitialContext(env);
System.out.println("looking for " + myJndi);
Object returnedObject = ctx.lookup(myJndi);
System.out.println("returnedObject=" + returnedObject);
}I am using:
- com.sun.jndi.cosnaming.CNCtxFactory as the initial factory
- iiop://<machineName>:3700 as the url. I'm using 3700 because that is the port against which my appServer's orb-listener-1 is using
I've tried to look for the JNDI name of
com.intecbilling.svConnectoryHarness.TestRunnerRemote
because that is what is displayed in the JNDI View. When I do this, I get the following error:
/svjca-src> runMe.sh com.intecbilling.svConnectorHarness.TestRunnerRemote
looking for com.intecbilling.svConnectorHarness.TestRunnerRemote
javax.naming.NameNotFoundException [Root exception is org.omg.CosNaming.NamingContextPackage.NotFound: IDL:omg.org/CosNaming/NamingContext/NotFound:1.0]
at com.sun.jndi.cosnaming.ExceptionMapper.mapException(ExceptionMapper.java:44)
at com.sun.jndi.cosnaming.CNCtx.callResolve(CNCtx.java:484)
at com.sun.jndi.cosnaming.CNCtx.lookup(CNCtx.java:523)
at com.sun.jndi.cosnaming.CNCtx.lookup(CNCtx.java:501)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at com.intecbilling.svConnectorHarness.TestRunnerClient.connectUsingJNDI(TestRunnerClient.java:42)
at com.intecbilling.svConnectorHarness.TestRunnerClient.main(TestRunnerClient.java:57)
Caused by: org.omg.CosNaming.NamingContextPackage.NotFound: IDL:omg.org/CosNaming/NamingContext/NotFound:1.0
at org.omg.CosNaming.NamingContextPackage.NotFoundHelper.read(NotFoundHelper.java:72)
at org.omg.CosNaming._NamingContextExtStub.resolve(_NamingContextExtStub.java:406)
at com.sun.jndi.cosnaming.CNCtx.callResolve(CNCtx.java:470)
... 5 more
Now, no matter what I do, I get this. Running with the AS jars in the classpath or not. Running with the following system variables
-Dorg.omg.CORBA.ORBClass=com.sun.corba.ee.impl.orb.ORBImpl -Dorg.omg.CORBA.ORBSingletonClass=com.sun.corba.ee.impl.orb.ORBSingleton -Djavax.rmi.CORBA.UtilClass=com.sun.corba.ee.impl.javax.rmi.CORBA.Util
Also provide me no joy. I've also tried using the JNDI format with the corbaname embedded in it (looks like corbaname:iiop:machinename:3700#com.intecbilling.svConnectorHarness.TestRunnerRemote) and I get the exact same exception.
From what I'm seeing, I'm finding the remote NamingContext, but it doesn't like the JNDI name. I've tried fully-qualified names (as it is displayed in the JNDI tree) and unqualified names with the exact same results. From all of the posts I've read, I've tried all the various combinations that I can see to no avail. Is there a security issue going on here? I haven't enabled any security at all. I'm running out of ideas, and if I can't get any joy, I'll probably have to use a different app server to play with.
Thanks for any help,
EdHi Ed,
We have an EJB FAQ entry that describes how to access Remote EJBs from a stand-alone (non Java EE) client. In a nutshell, put appserv-rt.jar in your classpath and instantiate the 0-arg InitialContext constructor. You can find more details here :
https://glassfish.dev.java.net/javaee5/ejb/EJB_FAQ.html -
Cisco VPN Software and Remote Desktop Problem
Hello-
Please have patience as I just got my first mac and I'm really just learning how everything works.
Anyway, I'm trying to connect to my office network from my iMac (OS X 10.5.3) using the Cisco VPN client ver. 4.9.01 (0030) and the Remote Desktop Connection v2.0.0 Beta 3. I'm able to connect via the VPN but I cannot connect to the remote machine using either the machine's hostname or IP address.
In order to troubleshoot the issue, I tried to ping the remote machine after connecting via VPN and it fails. The name is resolving but ping fails with a "No route to host" and then "Host is down error." However, I know the host is up since when I connect via VPN from my PC I can ping the remote machine without a problem.
Anyone have any ideas? Does the Cisco VPN client for Mac not work well? Is there some simple configuration setting I'm missing somewhere? BTW, I'm connecting to the Internet via WiFi and am using a Linksys WRT54G router.
thx,
ianHello Ian:
Welcome to Apple discussions (and to the wonderful world of Macs). I think you will find these forums represent the best on-line community anywhere - and everyone is a volunteer!
I am no help with your problem as I have not used a Cisco VPN. However, in my previous business life I did connect my home Mac to my business VPN. I found that our IT people were most helpful in smoothing connection issues.
This forum addresses connection issues if you want to post there:
http://discussions.apple.com/forum.jspa?forumID=1222
Barry -
Best solution for managing 50 remote sites via cisco vpn
At the moment my support organisation use the cisco vpn client on their windows pc's to provide remote support to our customers. I want to know if there is a solution from cisco that would support nialing up the 30 connections all the time without having to use clients on individual pc's. I know there will be issues because some of the sites will have conflicting lan ip address ranges. We would like to offer improved support to our customers for example using nagios to monitor their servers but this is not possible if vpn connection if not nialled up.
Please help with the best solution.L2L vpns solution is suitable for your scenario, depending on your traffic load for each site u would have to do assesment on that, any asa5510 or higher in an active/standby architecture with stateful failover sure can do the job. As for conflicting LAN ips there is ways to work around that by using NAT or Policy NAT.
ASA product line
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
Perhaps for monitoring/managing Ipsec tunels CSM Cisco Security manager
http://www.cisco.com/en/US/products/ps6498/index.html -
Loading remote EJB from servlet using jakarta and openejb
I am trying to create an environment where I use
openejb as my EJB container, and JAKARTA Tomcat
as my
Servlet/JSP container. However,
i'm having a problem in lookingup my remote EJB from my
jakarta application.
That exact code works perfectly if I run it standalone. I
am using the same JRE. Jakarta has also loaded the
openejb-0.8.3.jar and openejb_client-0.8.3.jar
What I dont understand is why jakarta
would behave differently than command-line java when I
am
running in the same JRE on a single machine.
Any help would be much appreciated.Several fairly major improvements have been maid in OpenEJB specifically for the Tomcat people. For one, the whole way you integrate them has completely been rewritten. Now all you have to do is copy a openejb_loader-0.9.1.war into the Tomcat webapps directory and change an init-param in it. Pretty straight forward. OpenEJB 0.8.3 won't work with Tomcat in the same VM, however OpenEJB 0.9.0 and up have been totally revamped in all things related to classloading so that it can co-exist with Tomcats unique classloading architecture.
O'Reilly just published an article detailing the ins and outs of the integration, it's a pretty good read:
http://www.onjava.com/pub/a/onjava/2003/02/12/ejb_tomcat.html -
Should I uninstall the Cisco LEAP, PEAP, and EAP programs if I am no longer using a Linksys router? I am replacing with an Asus router.
thanks,
KGHi! It's best to uninstall them all if you are not going to use them for the sake of freeing some memory on your computer. Should you change your mind and get a new Linksys router one of these days, I am sure it will come with its own installation software anyway.
-
ASA500: migrate from Cisco VPN Client to native Windows VPN connection
We have a need at this time for only one of our computers to allow 2 Windows users to connect to our network thru VPN (it's a work share situation, they will not both be logged on the same day). We happily use the old Cisco VPN client for everyone else. But the old client will not install twice on the same machine, nor is there the option to "install for any user".
Thinking to KISS and not invest at this point, trying to get Windows native VPN to work ?
What combination of settings will work in its properties->security tab to do the same IKE IPsec over UDP(NAT) and with group auth along with the individual's login?
... (so no reconfiguration is needed in the ASA?)
Or are one of the other "type of VPN" will need minimal change on the ASA ?Thank you.
I found this: http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/l2tp_ips.html#wp1041306
Will this have any effect on the rest of the users?
Step 1 Specify IPSec to use transport mode rather than tunnel mode with the mode keyword of the crypto ipsec transform-set command:
hostname(config)# crypto ipsec transform-set trans_name mode transport -
Cisco ASA 5505 and DHCP Client Problems
Hi, i have a problem. I've connected my ASA appliance to an ADSL modem, and i dont get an DHCP address on the outside interface (e0/0). I use the asa-722-19.bin firmware.
I turned on the debugging for the DHCP client and could see that the ASA device was sending out broadcasts but a reply never came. Instead I connected the device to my internal network where the ASA got an address instantly.
I read somewhere that if I was to use ?ip address dhcp client-id fastethernet 0″, then I got an address from the ISP.
I tried looking for a similar command on the ASA5505 but I couldn?t find anything. I did however find a page on the Cisco site confirming my suspicions. It said some ISP?s require the client-id field of the DHCPDISCOVER request to be filled.
I've also read that this issue has beed fixed since a few weeks, now they have released version 7.2(2).22 where you can define ?dhcp-client client-id interface outside? in global configuration mode. Im running 7.2(2).19 and i cannot find any command like that in my appaiance. How do i fix my problem ? Or how do i get about recieving the 7.2(2).22 firmware update.
Regards !
LeifHi again! I thought I should share the solution that worked for me. I use software version 7.2(2) on this device. ASDM 5.2(2). In ASDM open configuration / Interfaces. Click in outside (my case 0/0) and press Edit. Then open the tab Advanced and set the correct Active Mac address. Fore some reason its empty by default and the ISP/modem don't like that. You will find the correct MAC address under the help menu / "About ASA". Im sure there is some another way to do this but this is a simple "how-to" that works with Swedens biggest ISP and their standard DSL modem.
When I used a Linksys DSL modem in bridge mode without the MAC address set I got an inside IP adress (192.168.x.x) from the modem to the ASA. After setting the MAC address I just had to do a renew and got the outside address right away. /Bjorn
(future users searchwords: no ip from isp, ASA 5505 and cable modem). -
HT1430 i cannot see my e mails from my hotmail account and send e mails.
I cannot see my emails from my hotmail account also cannot send e mails
Make sure you have correctly set up your Hotmail on your iPhone. Follow these Microsoft-privided directions:
http://windows.microsoft.com/en-us/hotmail/mobile?t1=t3 -
2 ISPs with addresses /32 and PPtP Server onboard of Cisco 3825
First of all, excuse me for my bad English, it's not my native language.
A couple of years ago our company changed our central router Cisco 1841 with more powerfull 3825 ISR.
Here is show ver
Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 12.4(24)T7
This Cisco 3825 contains 2 DIMMs - 256Mb and 512 Mb of RAM onboard.
Now it works with 2 ISPs (take a glance on pdf picture http://www.intelcom-ug.ru/scheme.pdf or in the attached file). We're using the failover scheme, the ISP1 with statically assigned IP address 85.20.20.20/32 (Dialer 1) is used as Backup link. The ISP2 L2TP link is main.
Now our authorities organize the remote office with Cisco 1841. And we face with the problem, we cannot connect via PPtP from anywhere to the 85.20.20.20/32 (Dialer 1). And we need some help or advise. The config of Cisco 3825 is like this:
version 12.4
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime localtime
service password-encryption
hostname CENTRAL-OFFICE
boot-start-marker
warm-reboot
boot-end-marker
security authentication failure rate 3 log
logging message-counter syslog
logging buffered 64000
enable secret 5 HEREISTHESECRETPASSWORD
aaa new-model
aaa local authentication attempts max-fail 3
aaa authentication login default local
aaa authentication ppp default local
aaa authentication ppp vpn-users local
aaa authorization exec default local
aaa authorization exec vpn-users local
aaa authorization network vpn-users local
aaa session-id common
clock timezone MSK 4
ip source-route
no ip gratuitous-arps
ip cef
no ip domain lookup
ip domain name somewhere.net
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group 239
accept-dialin
protocol pptp
virtual-template 100
vpdn-group global
! Default L2TP VPDN group
! Default PPTP VPDN group
accept-dialin
protocol any
password encryption aes
voice-card 0
username administrator privilege 15 password 7 737364645252414571
username vpnuser password 7 85956353413120384645373930
archive
log config
hidekeys
ip tcp selective-ack
ip tcp timestamp
ip tcp synwait-time 5
ip tcp path-mtu-discovery
ip ssh version 2
l2tp-class beeline
pseudowire-class pw-beeline
encapsulation l2tpv2
protocol l2tpv2 beeline
buffers tune automatic
interface Loopback0
ip address 10.111.111.111 255.255.255.255
interface GigabitEthernet0/0
descrition --Our Local Network--
ip address 192.168.7.2 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
interface GigabitEthernet0/1
description --Trunk Connection--
no ip address
duplex auto
speed auto
media-type rj45
interface GigabitEthernet0/1.10
description --Connection to ISP1 through vlan on our managed switch--
encapsulation dot1Q 10
pppoe enable group global
pppoe-client dial-pool-number 2
interface GigabitEthernet0/1.20
description --Connection to ISP2 through vlan on our managed switch--
encapsulation dot1Q 20
ip address dhcp
ip virtual-reassembly
interface Virtual-PPP5
description --Interface for ISP2--
ip address negotiated
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1380
no peer neighbor-route
no cdp enable
ppp authentication chap callin
ppp chap hostname 8282828282828
ppp chap password 7 theSecretForISP2
pseudowire 10.255.255.242 10 pw-class pw-beeline
interface Virtual-Template100
description --TEMPLATE for incoming PPtP connections of our users--
ip unnumbered Dialer1
autodetect encapsulation ppp
peer default ip address pool for-vpn
no keepalive
ppp authentication ms-chap ms-chap-v2 vpn-users
ppp authorization vpn-users
interface Dialer1
description --Interface for ISP1. PPPoE--
bandwidth 10240
ip address negotiated
ip accounting output-packets
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1400
load-interval 30
dialer pool 2
dialer-group 2
no fair-queue
ppp authentication chap callin
ppp pap sent-username reteretere password 7 PasswordForISP1
ip local policy route-map External_VPN
ip local pool for-vpn 172.16.135.1 172.16.135.10
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1 100 track 1
ip route 0.0.0.0 0.0.0.0 Virtual-PPP5 track 2
ip route 192.168.239.0 255.255.255.0 172.16.135.1 name C1841-Rossiyskaya70
ip route 194.87.0.8 255.255.255.255 Dialer1
ip route 194.87.0.9 255.255.255.255 Virtual-PPP5
ip route 10.255.255.242 255.255.255.255 dhcp
ip route 10.255.255.247 255.255.255.255 dhcp
no ip http server
no ip http secure-server
ip nat inside source route-map Beeline interface Virtual-PPP5 overload
ip nat inside source route-map UTK interface Dialer1 overload
! This access-list is for local Network proxy
ip access-list standard fwd-squid
permit 192.168.7.100
permit 192.168.7.0 0.0.0.255
! This access-list is for ip local policy
ip access-list extended External_VPN_access
permit tcp host 85.20.20.20 eq 1723 any
permit tcp host 85.20.20.20 eq 22 any
permit tcp host 85.20.20.20 eq telnet any
permit icmp host 85.20.20.20 any echo-reply
track 1 ip sla 1 reachability
ip sla 1
icmp-echo 194.87.0.8 source-interface Dialer1
timeout 7000
threshold 100
frequency 15
ip sla schedule 1 life forever start-time now
ip sla reaction-configuration 1 react timeout threshold-type immediate action-type triggerOnly
track 2 ip sla 2 reachability
ip sla 2
icmp-echo 194.87.0.9 source-interface Virtual-PPP5
timeout 7000
threshold 400
frequency 15
ip sla schedule 2 life forever start-time now
ip sla reaction-configuration 2 react timeout threshold-type immediate action-type triggerOnly
access-list 1 remark --SNMP Watching--
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 100 permit ip 192.168.7.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
dialer-list 3 protocol ip permit
route-map External_VPN permit 10
match ip address External_VPN_access
set default interface Dialer1
route-map UTK permit 10
match ip address 100
match interface Dialer1
route-map Beeline permit 10
match ip address 100
match interface Virtual-PPP5
snmp-server community public RO 1
control-plane
line con 0
line aux 0
line vty 0 4
exec-timeout 30 0
line vty 5 15
exception memory ignore overflow processor
exception memory ignore overflow io
scheduler allocate 20000 1000
ntp update-calendar
ntp peer 194.33.84.1
event manager applet nat_clear_isp1
event track 1 state any
action 1 wait 5
action 2 cli command "enable"
action 3 cli command "clear ip nat translation *"
event manager applet nat_clear_isp2
event track 2 state any
action 1 wait 5
action 2 cli command "enable"
action 3 cli command "clear ip nat translation *"
endOkay, you are not going to be able to do this using the interconnect between the switch and the router. The issue is -
1) if you make the interconnect a L2 trunk then you would have subinterfaces on the router interface connecting to the switch. But you cannot have multiple interfaces on the router configured from the same IP range so it won't work ie. you would need a subinterface using the same IP range as one of the other interfaces
2) if you make the interconnect L3 as you have then you cannot route to the same subnet ie. think of it as two separate devices, a L3 switch and a router. You connect the L3 switch to the router using a L3 connection.
On the switch you then configure a client with a public IP and on another interface on the router ie. not the interface used to connect to the switch, you use the same public IP range.
You cannot then route from the client to that other interface because you don't route to the same IP subnet and the client and the other interface are separated by a different IP subnet.
So neither will work. The L3 switch is usually used where you have multiple vlans/IP subnets and you create L3 vlan interfaces for these on the switch and then you route to other subnets that are reachable from the router, whether these are directly connected subnets or remote networks.
But you aren't doing that.
The only way i could see you doing what you need is to not configure the interconnect at all and instead run cables from the relevant router interfaces to the switch. Then you could configure vlans on the switch and have them route via the physical router interface.
The switch is then only acting as a L2 switch and all L3 is done on the router.
One thing i should say is i have never used the switch module this way so i can't guarantee it will work although i can't see why it wouldn't.
Jon -
Cisco ASA 5505, Cisco VPN Client and Novell Netware
Hi,
Our ISP have installed Cisco ASA 5505 firewall. We are trying to connect to our Novell 5.1 server using VPN client.
I installed VPN client on a laptop that is using wireless connection. I connect using wireless signal from near by hotel and I am able to connect to my firewall usinging vpn client and also able to login in using Novell client for XP.
When I use same vpn client and Novell client at home that is not using wireless connection, but DSL connection amd not able to login or find the tree.
The only difference in two machine is laptop using wireless connection and my home machine is using wired connection using DSL.If your remote end of the services in question support IPsec IKEv1 as the VPN type then, yes - the 5505 can be a client for that service. At that point it looks like a regular LAN-LAN VPN which is documented in many Cisco and 3rd party how-to documents.
-
Please Help - CISCO VPN client disconnecting over wireless adapter
Hi,
I connect to my work network when at home using the CISCO VPN client. I have a wireless connection at home. My vpn conection had no problem until my laptop once dropped hitting the wireless card reader side on the floor. since then, my vpn disconnects after some time. And this also disconnects my wireless connection at home. When I am not connected to work through th eVPN, we have no problems with my wireless connection. But, when I need to work from home, my vpn keeps getting disconnected and throws me off my wireless conenction too everytime. Can someone please tell me how to check if anything is wrong with the laptop?Ok lets see if we can clear somethings up.
Using wireless and VPN before the "Drop" was ok?
Using Wireless and no VPN after the "Drop" is fine?
Using Wireless and VPN after the "Drop" causes the wireless adapter to disconnect?
If this is correct probally the best thing to do is to remove the cisco VPN software and reinstall it.
It can't be anything to do with the "Drop" as using normal wireless is working fine you say.
and the Cisco VPN Adapter is Virtual.
Let me know how you get on. -
Help to connect Microoft Remote Dextop (win7) with Iphone 5 using RD client
Help to connect Microoft Remote Dextop (win7) with Iphone 5 using RD client Hello, I can connect my iphone 5 to my laptop(windows7 OS) with RD client while My iphone is also connected with my laptop's wifi hotspot. And i can remotely control my laptop with the iphone nicely while I am in the laptop's wifi range. Is it possible to control my laptop from iphone while my phone is not connected to laptop's wifi hotspot???? I use 3G internet in my phone while I go out of home.
I have no issue using cellular data when I remote in from my iphone with the RD client.
Have you tried using cellular data to remote in? -
Airport Express not showing in iTunes with Cisco VPN Client Service Running
As soon as I stop my VPN Client Service in Services... the AX instanly appears in iTunes... If I restart the service AX can't be found. Does anyone know a workaround so they can co-exist on an XP machine?
Yes, that is called "split tunneling" and is a feature, if you will, of the Cisco VPN (hardware and your VPN client). Unless "split tunneling" is enabled AT THE SERVER, all of your traffic will flow through the VPN, including that meant for your local AX.
If you had an ethernet printer, as I do, you'd also find you couldn't print while on the VPN.
The intent is to protect your company's internal network from anything that might be on your computer (say, malware trying to phone home or do other nefarious stuff).
Really, there is not much you can do, other than ask your IT folks to enable local LAN access for you. -
Using Cisco VPN client certificate for built in IPSec?
Hi,
Does anybody know if it is possible to "convert" a certificate exported from Cisco VPN client and import it into the Keychain for using it with built-in IPSec in Snow Leopard?
Thanks,
OliI too am having trouble importing the Cisco certificate. It would be nice for some clear documentation. We've been successful converting the x.509 cer to KPCS#7 using openssl which will import into the keychain. However, the VPN (Cisco IPSec) sill doesn't see it.
Maybe you are looking for
-
Exicse treatment in case of returns from customer
Hi Experts - How the exise reversals happen in case of customer returns? - What are the accounting entries? - What are the process steps in SAP? Warm regards marias
-
How do i print the current view on a pdf file
How do i print a current view on a pdf file i am looking at, i dont want to print the current page i want to zoom in and print that zoom.
-
Oracle 10g Release 2 (10.2) for Linux x86-64
Hi All, During installation - Oracle Database Configuration Assistance, I have got below error and thus I stuck. As per Metalink note 293988.1, this will be resolved if I do [root@localhos]# echo 1 > /proc/sys/vm/disable_cap_mlock . But problem is wh
-
I was wondering if someone knows a way of creating new documents to be listed in the list of default documents when you open the new document window. What I would like to do is create 3 files to add to the list. I am using coldfusion and want use <cf
-
How to download elearning classes from this site.
hi. this is yugandhar. does any one give me the idea on how to download the elearning classes from this site. is it possible.