One of two computers won't connect to local LAN when VPN is enabled

Ketchup

Elite Member
Sep 1, 2002
14,545
236
106
I could understand if this issue affected both computers, as I would chalk it up to a security policy on the company side, but the fact that one works and one doesn't just doesn't make sense to me (yet).

A little backstory, if it helps (If not, skip to the next paragraph). I work from home, and use a company-supplied laptop. Because I work away from the office, I keep some of my personal work info backed up here, in case of catastrophe. As it happened, the hard drive on my work laptop died. So I was able to restore the programs and data I needed onto another pc to keep working while the laptop was in service, and get the rest from a server at the office.

Anyway, while on my computer, I could connect to my local computers on my network, even while connected to the office through VPN. But, when doing the same thing on my work computer, running the same VPN software, I can only connect to my local network when that VPN is disconnected, even though my router shows that the laptop is on the network with a local IP address.

Anyone know why this would be the case?
 

Ketchup

So, I found out that my company laptop will stay connected to my home network once I connect before logging onto the vpn. Then I can see all folders/files shared on my network at any time.

Might be due to being on the domain. My home PC is only set up to be in my local workgroup.
 

Ketchup

While looking for something else, I actually stumbled upon this article here:

http://www.techrepublic.com/article/fix-10-common-cisco-vpn-problems/

I will go ahead and paste it here, should someone else find it useful.
Home VPN users complain that they cannot access other resources on their home network when the VPN connection is established

This generally happens as a result of split-tunneling being disabled. While split-tunneling can pose security risks, these risks can be mitigated to a point by having strong, enforced security policies in place and automatically pushed to the client upon connection (for example, a policy could require that current antivirus software be installed, or that a firewall be present). On a PIX, use this command to enable split tunneling:

vpngroup vpngroupname split-tunnel split_tunnel_acl

You should have a corresponding access-list command that defines what will come through the encrypted tunnel and what will be sent out in the clear. For example, access-list split_tunnel_acl permit ip 10.0.0.0 255.255.0.0 any, or whatever your IP range is.

On a Cisco Series 3000 VPN Concentrator, you need to tell the device what networks should be included over the encrypted tunnel. Go to Configuration | User Management | Base Group and, from the Client Config tab, choose the Only Tunnel Networks In The List option and create a network list of all of the networks at your site that should be covered by the VPN and choose this network list from the Split Tunneling Network List drop down box.

I am not going to even attempt to ask our IT department about this (they have more important things to do), so the workaround I mentioned above will suffice.
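The tunnel-versus-clear decision that the pasted article describes, as an added example that is not part of the original post or the article. It models only the decision, not the Cisco client itself; the home LAN range and sample destinations are constructed, and `10.0.0.0 255.255.0.0` is the article's sample access-list entry.

```python
import ipaddress

# Constructed sample value: a typical home LAN range, not taken from the thread.
HOME_LAN = "192.168.1.0/24"


def acl_to_network(address, netmask):
    """Convert the 'address netmask' pair of an access-list line to CIDR text."""
    return str(ipaddress.ip_network(f"{address}/{netmask}"))


def route_decision(dest, tunnel_networks, split_tunneling):
    """Return 'tunnel' or 'clear' for one destination address.

    With split tunneling disabled every packet is sent into the tunnel,
    which is why home LAN hosts stop answering once the VPN is up.
    With it enabled only destinations on the network list are tunneled.
    """
    if not split_tunneling:
        return "tunnel"
    ip = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_network(n) for n in tunnel_networks]
    return "tunnel" if any(ip in n for n in nets) else "clear"


def overlapping(home_lan, tunnel_networks):
    """List tunneled networks that overlap the home LAN.

    An overlap means local hosts are still captured by the tunnel
    even when split tunneling is enabled.
    """
    home = ipaddress.ip_network(home_lan)
    return [n for n in tunnel_networks if ipaddress.ip_network(n).overlaps(home)]


if __name__ == "__main__":
    corp = [acl_to_network("10.0.0.0", "255.255.0.0")]
    # Constructed destinations: home NAS, corporate server, public site.
    for dest in ("192.168.1.20", "10.0.5.9", "93.184.216.34"):
        print(dest,
              "split off:", route_decision(dest, corp, False),
              "split on:", route_decision(dest, corp, True))
    print("overlap with home LAN:", overlapping(HOME_LAN, corp))
    print("overlap if home used 10.0.0.0/24:", overlapping("10.0.0.0/24", corp))
```

The overlap check covers the case where enabling split tunneling would still not restore local access, because the home range sits inside a tunneled corporate range.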
 

Mushkins

Golden Member
Feb 11, 2013
1,631
0
0
That article is spot on, it's a split tunneling thing. Most companies will not allow split tunneling even if you ask for security reasons, as they want to make sure when you are on the VPN *all* traffic goes through the VPN. It keeps things like content filters working and web-based services properly funneling through the secure corporate network instead of whatever unknown network you're connected to.
 

yinan

Golden Member
Jan 12, 2007
1,801
2
71
This is why I use a VM to connect to my company's VPN. It allows me to do whatever I want to do on the bare metal OS.
 

Ketchup

yinan said:
This is why I use a VM to connect to my company's VPN. It allows me to do whatever I want to do on the bare metal OS.

That's it. And when I am on my work computer I do the exact opposite (since it is their machine).

Thanks to you both for sharing.
 

Ketchup

I did want to ask, since there is some interest: how is it that my other computer can manage both (local network and VPN)? Is it because it isn't on their domain, or something else I am not thinking of?