Cisco Easy VPN Software Client: Troubleshooting Local LAN Access Issue

Solving Local LAN Access Issue for Cisco Easy VPN Software Client


Question

A Cisco Easy VPN software client is unable to access its local LAN devices once the VPN tunnel is established.

What is the best way to solve this issue?

Answers

Explanations


B.

When a Cisco Easy VPN software client establishes a VPN tunnel, it can sometimes encounter issues accessing local LAN devices. To solve this issue, the following solutions can be considered:

A. The IP address that is assigned by the Cisco Easy VPN Server to the client must be on the same network as the local LAN of the client.

This solution involves ensuring that the IP address assigned to the client by the VPN server is on the same network as the client's local LAN. This way, the client can access its local LAN devices using the same IP addressing scheme it uses when it is not connected to the VPN. However, this solution may not always be feasible as it requires the VPN server to be configured with a subnet that matches the client's local LAN.

B. The Cisco Easy VPN Server should apply split-tunnel-policy excludespecified with a split-tunnel-list containing the local LAN addresses that are relevant to the client.

This solution involves configuring the VPN server to apply a split-tunnel policy that excludes traffic to the client's local LAN addresses. This way, when the client establishes a VPN tunnel, it can still access its local LAN devices as the traffic is not routed through the VPN tunnel. However, this solution requires careful consideration of the local LAN addresses that need to be excluded, as excluding too many addresses can compromise security.

C. The Cisco Easy VPN Server must push down an interface ACL that permits the traffic to the local LAN from the client.

This solution involves configuring the VPN server to push down an interface access control list (ACL) that permits traffic to the client's local LAN devices. This way, when the client establishes a VPN tunnel, it can still access its local LAN devices as the traffic is permitted by the ACL. However, this solution requires careful consideration of the ACL to ensure that it is comprehensive and does not compromise security.

D. The Cisco Easy VPN Server should apply a split-tunnel-policy tunnelall policy to the client.

This solution involves configuring the VPN server to apply a split-tunnel policy that routes all traffic through the VPN tunnel. This way, when the client establishes a VPN tunnel, all traffic, including traffic to the client's local LAN, is routed through the VPN tunnel. However, this solution may not be ideal as it can cause increased network congestion and may compromise security.

E. The Cisco Easy VPN client machine needs to have multiple NICs to support this.

This solution involves configuring the client machine to have multiple network interface cards (NICs) so that it can access both the VPN and the local LAN simultaneously. However, this solution may not always be feasible as it requires hardware changes to the client machine.

In summary, the best solution to the issue of a Cisco Easy VPN software client being unable to access its local LAN devices once the VPN tunnel is established depends on the specific network architecture and security requirements. The solutions provided above offer various approaches that can be considered based on the network's needs.
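The effect of options B and D on a single destination, and the caveat that an overly broad exclude list weakens the tunnel, can be checked with a small model. This is an added example, not Cisco code or configuration from the original page: the function names, the `/16` breadth threshold, and the sample networks are assumptions, only IPv4 is handled, and `tunnelspecified` is included for comparison although the question does not list it.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def route_for(dest, policy, network_list=()):
    """Return 'tunnel' or 'local' for one destination under a split-tunnel policy."""
    ip = ipaddress.ip_address(dest)
    listed = any(ip in ipaddress.ip_network(n) for n in network_list)
    if policy == "tunnelall":
        return "tunnel"                          # option D: nothing bypasses the tunnel
    if policy == "excludespecified":
        return "local" if listed else "tunnel"   # option B: listed networks bypass it
    if policy == "tunnelspecified":
        return "tunnel" if listed else "local"   # only listed networks are tunnelled
    raise ValueError("unknown split-tunnel policy: %s" % policy)

def audit_exclude_list(network_list, protected_networks, min_prefix=16):
    """Flag exclude-list entries that would let too much traffic leave the tunnel."""
    findings = []
    for entry in network_list:
        net = ipaddress.ip_network(entry)
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append((entry, "outside RFC 1918 space"))
        elif net.prefixlen < min_prefix:
            findings.append((entry, "broader than /%d" % min_prefix))
        for protected in protected_networks:
            if net.overlaps(ipaddress.ip_network(protected)):
                findings.append((entry, "overlaps protected network %s" % protected))
    return findings

# Constructed sample values (not taken from the page).
CLIENT_LAN = ["192.168.1.0/24"]    # home LAN of the VPN client
CORPORATE = ["10.0.0.0/8"]         # networks that must always use the tunnel
PRINTER = "192.168.1.20"           # a device on the client's local LAN

if __name__ == "__main__":
    for policy in ("tunnelall", "excludespecified"):
        print(policy, "->", route_for(PRINTER, policy, CLIENT_LAN))
    print(audit_exclude_list(["0.0.0.0/0"], CORPORATE))
```

Running the audit against a proposed exclude list before it is applied shows whether any entry would pull corporate destinations out of the tunnel.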