Why the VPN Network Shake-Up?

4

I can RDP to another machine on my home network, only if I'm not also hooked up to my employer's VPN with the Cisco VPN client. Indeed, I can't even ping the other machine by name in this mode, because ICMP suddenly thinks that ( ping myMachine ) now means ( ping myMachine.myEmployer.com ). Of course there is no machine by that latter name, and so it fails.

Even weirder, once I disconnect from the VPN I can again ping myMachine successfully, but ICMP reports the machine by its Link-local IPv6 address instead of its (the usual) IPv4 address. I don't think I've ever seen ping identify another machine by its MAC address.

So two questions:

  1. How can I access via RDP/ping the other machine BY NAME on my local network while also connected to the VPN?
  2. Why is ping identifying a Link-local IPv6 address for the machine on my home network, instead of an IPv4 address? And how can I change this so that an IP address is reported instead?

For question #1, I can indeed access the other machine on my home network by IP address. I suspect if I put the name-IP pair into my HOSTS file, then I would be able to access it even when connected to the VPN. But I wonder if there is another (more elegant) solution?

edit: Updated "MAC address" to "Link-local IPv6 Address"

Brent Arias

Posted 2011-06-22T07:59:24.180

Reputation: 459

I am not completely sure, but if you know the FQDN (Fully Qualified Domain Name) of the other home computer, which can be something like: myMachine.local, you might be able to access it with that. – paradd0x – 2011-06-22T12:23:16.603

Answers

2

With Cisco VPN, access to your local network is actually an option in the .pcf (VPN profile definition). Sometimes this is actually locked down so you cannot edit it. Try opening up Cisco, modify your connection, go to Transport and check "Allow Local LAN Access". Save, connect, and try your RDP again.

Tremmors

Posted 2011-06-22T07:59:24.180

Reputation: 273

0

This is very common with VPNs. They can force all routing to go through them. In some cases you cannot change it as the company forces it, but in some cases you can.

In a Microsoft VPN, you can turn off the "Use default gateway on remote network" option.

I am not an expert with Cisco's VPN, but I think what you are looking for, they refer to as split tunneling. You basically identify what traffic is to go to the VPN, and what should not. I will provide a link, but you may need to ask your corporate admins for more help.

http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a008074d641.shtml (Go down to where the dialog boxes say "VPN Wizard". You will probably have to go into the properties to change these settings since the wizard has already been run on your computer. Make careful note of anything you change.)

KCotreau

Posted 2011-06-22T07:59:24.180

Reputation: 24 985
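
An added example, not part of either answer and not Cisco's or Microsoft's code: a simplified Python model of the three policies the answers describe (full tunnel, full tunnel with local LAN access allowed, split tunnel), showing which interface traffic to a home machine, a corporate host and an internet host would leave on. The addresses, the policy names and the functions `build_routes`, `egress` and `report` are assumptions made for illustration.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def build_routes(local_lan, mode, split_include=(), allow_local_lan=False):
    """Return [(network, interface)] for a simplified model of a VPN client policy."""
    lan = ipaddress.ip_network(local_lan)
    if mode == "full":
        # Everything is tunnelled; the home subnet stays local only if exempted.
        return [(DEFAULT, "tunnel"), (lan, "lan" if allow_local_lan else "tunnel")]
    if mode == "split":
        nets = [ipaddress.ip_network(n) for n in split_include]
        clash = [str(n) for n in nets if n.overlaps(lan)]
        if clash:
            # A corporate range that overlaps the home subnet is ambiguous.
            raise ValueError(f"split-tunnel networks overlap the LAN: {clash}")
        return [(DEFAULT, "lan"), (lan, "lan")] + [(n, "tunnel") for n in nets]
    raise ValueError(f"unknown mode: {mode}")

def egress(dest, routes):
    """Longest-prefix match: the interface a packet to dest leaves on."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

# Constructed sample addresses (assumptions, not taken from the question)
HOME_LAN = "192.168.1.0/24"
HOME_PC = "192.168.1.20"
CORP_HOST = "10.20.30.40"
INTERNET = "93.184.216.34"

def report():
    """Map each policy name to {destination: interface} for the sample hosts."""
    policies = {
        "full tunnel": build_routes(HOME_LAN, "full"),
        "full tunnel + local LAN": build_routes(HOME_LAN, "full", allow_local_lan=True),
        "split tunnel": build_routes(HOME_LAN, "split", split_include=["10.0.0.0/8"]),
    }
    return {name: {d: egress(d, rt) for d in (HOME_PC, CORP_HOST, INTERNET)}
            for name, rt in policies.items()}

if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

In the split-tunnel row, internet traffic leaves on the local interface rather than through the tunnel, which is the behaviour a company may choose to lock down.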