VPN: LAN access

Tags: Cisco VPN
Hi, I usually connect to my customer's VPN with the Cisco AnyConnect VPN Client (v. 2.4.1012). While connected I can't use internet, Outlook, ... The VPN administrator told me that the VPN is configured in this way and the rule cannot be modified for policy reasons. I'm sure that there is a workaround for this using some kind of routing, but I'm not familiar with network management. Can you please help me?

Software/Hardware used:
Windows 7, Cisco AnyConnect VPN Client

Answer Wiki

You could try the route add command at the following link:

Route-add

Likely there is not a workaround, and rightfully so, it is a security feature.

Similar Juniper VPN clients will actually disconnect the VPN if an attempt is made to override by adding a route via the command prompt.

The reason this is done is to mitigate the risk of access to the corporate network via the remote user’s Internet connection.

Now on the flip side, it could be argued that your customer’s system admin has possibly not configured the VPN properly, as it is possible to route your traffic to the Internet via the corporate ISP and still maintain positive control of the traffic flow.
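
The answer above mentions clients that react when a route is added while the tunnel is up. A defender-side version of that check, as an added example that is not from this thread or from any VPN vendor: it compares a routing-table snapshot taken when the tunnel came up with the current table and reports new routes that do not use the tunnel interface. The addresses, the tunnel interface address and the function names are constructed assumptions.

```python
import ipaddress

# Constructed `route print -4` excerpts; 10.8.0.5 is the assumed tunnel interface address.
BASELINE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.8.0.1        10.8.0.5      2
         10.8.0.0    255.255.255.0         On-link         10.8.0.5    257
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
"""
CURRENT = BASELINE + """\
        10.20.0.0      255.255.0.0         10.8.0.1        10.8.0.5      2
      203.0.113.0    255.255.255.0      192.168.1.1    192.168.1.50      1
"""


def parse_routes(route_print_text):
    """Return a set of (network, gateway, interface) tuples from route-table text."""
    routes = set()
    for line in route_print_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers, separators and persistent-route rows have other widths
        dest, mask, gateway, iface, _metric = fields
        try:
            network = ipaddress.IPv4Network(f"{dest}/{mask}")
            ipaddress.IPv4Address(iface)
        except ValueError:
            continue  # not an IPv4 route row
        # The metric is left out so that a metric change alone is not reported.
        routes.add((str(network), gateway, iface))
    return routes


def routes_bypassing_tunnel(baseline_text, current_text, tunnel_ip):
    """Routes added since the baseline whose interface is not the tunnel."""
    added = parse_routes(current_text) - parse_routes(baseline_text)
    return sorted(route for route in added if route[2] != tunnel_ip)


if __name__ == "__main__":
    for network, gateway, iface in routes_bypassing_tunnel(BASELINE, CURRENT, "10.8.0.5"):
        print(f"route outside tunnel: {network} via {gateway} on {iface}")
```

The route added through the tunnel interface (10.20.0.0/16) is not reported; only the one bound to the local adapter is.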

Discuss This Question: 4 Replies

  • TomLiotta
    "The VPN administrator told me that the VPN is configured in this way and the rule cannot be modified for policy reason."
    If it is policy and set by an administrator, we can't help to circumvent it. A policy setting would probably have a valid business reason (especially if it's a known setting). However, if a vulnerability is found that leaves a hole open, we'll gladly help the administrator close it.
    Tom
  • BigKat
    You want a work-around? The only one we'll provide, as this is an ethical website, is to have a second (perhaps older) PC running that is logged into the Internet. You can browse and email from there to your heart's content without having to hack your customer's network and policies. And if I was your customer and you knowingly circumvented my network, the best you could hope for is the loss of my business. Think lawsuits!
  • webluca
    Of course I don't want to hack anything and I don't want to do something unethical... I was wondering if it is possible to split my network and connect to the VPN in one portion and continue working on the internet in the other one, or something similar. I did something similar using Windows Virtual PC, but I don't need an entire virtual machine; it's enough to have a virtual adapter...
  • TomLiotta
    "...I don’t want to hack anything and I don’t want to make something not ethical…"
    We don't think you intend anything like that, but it should be clear that it could be interpreted as unethical by your customer. Your obligation is to avoid even the appearance of unethical behavior.
    "I was thinking if it is possible to split my network and connect to VPN in one portion and continue working on internet in the other one,..."
    Splitting your network is not the same as having your single system actively holding two different connections. That is specifically what the customer's policy forbids for whatever reason. You're stuck with respecting that requirement regardless of the inconvenience, or it'll become "unethical".
    Respecting customer policies is part of ethics. Circumventing this policy probably isn't illegal and perhaps isn't even morally wrong. But because it goes against customer expectations, it is "unethical", i.e., outside of ethical.
    A second system, perhaps a virtual one, seems to be a reasonable resolution.
    Tom
