Can't access LAN while on VPN

Original Message
Name: efompor
Date: February 14, 2007 at 09:58:00 Pacific
Subject: Can't access LAN while on VPN
OS: Windows 2000
CPU/Ram: Athlon 2400+/720mb
Model/Manufacturer: HP/Presario 2100
Comment:

I recently moved into my college dorm and found that the college network is not very accommodating in the way of playing online games. All pings were over 1000 at a minimum. So I connected to the campus's Virtual Private Network using the school-distributed Cisco VPN Client. Through this connection, I am able to get pings under 50. However, when it is enabled, I am unable to access anything on my local area network anymore. This includes my xbox, which is connected to my PC through a hub that splits my ethernet jack between the two. I can't detect my xbox (for XBConnect) or access my FTP server on the xbox while the VPN is connected. Also, "Allow Local LAN Access" is checked in the VPN client. Thanks in advance.



Response Number 1
Name: Firecodex (by firecodex)
Date: February 16, 2007 at 14:48:05 Pacific
Reply:

Your network admin would have to turn on split tunnelling. Split tunnelling allows local traffic & internet traffic to remain local, and only sends traffic destined for the remote network through the tunnel. This option must be enabled on the server or appliance side and cannot be enabled on the client.

---------------------
Firecodex
CCNA/MCSA/MCP/A+/Net+



Response Number 2
Name: efompor
Date: February 17, 2007 at 17:43:05 Pacific
Reply:

Is there a workaround or hack to access your LAN even if split tunnelling is disabled on the host?



Response Number 3
Name: Firecodex (by firecodex)
Date: February 21, 2007 at 09:54:23 Pacific
Reply:

Not unless you configure static persistent routes on your local machine which point your local network range to your local gateway, and 0.0.0.0 with a 0.0.0.0 mask for the internet, also pointing to your local gateway. Each time you connect to your VPN it installs routes for the remote networks in your local routing table. If you use the lowest metric possible these may override it.

Go to command prompt and type "route ?". The syntax will be displayed. Basically, if your gateway was 192.168.1.1 for the internet route you would type "route add 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1 IF 1" ("IF 1" being the number of the interface). If you omit the interface number it may still try to route over the VPN connection.

Keep in mind that once you get all of this working, you may still not be able to bring your xbox online as those ports may not be open through the VPN tunnel, which typically has separate policies.

---------------------
Firecodex
CCNA/MCSA/MCP/A+/Net+



Response Number 4
Name: Firecodex (by firecodex)
Date: February 21, 2007 at 09:55:28 Pacific
Reply:

I forgot to mention that if you want the route to remain after reboot you need to use the -p switch after "route", so "route -p add".

---------------------
Firecodex
CCNA/MCSA/MCP/A+/Net+



Response Number 5
Name: opticalfiber
Date: April 23, 2007 at 11:30:59 Pacific
Reply:

PROBLEM:

Even if you have Allow Local LAN Access checked, your administrator can override the value and disable it on you.


WORKAROUND:

Assuming your local LAN is 192.168.1.0/24 (has IP addresses between 192.168.1.1 and 192.168.1.254), and you have admin rights on your machine, you can modify the routing table!

You need to do this EVERY TIME YOU CONNECT, as the Cisco client will inject the routes upon each connection.

This simply deletes the "override" by removing the route map between your local LAN range and the VPN Interface.

1. Connect to your Cisco VPN server
2. Go to Status > Statistics > Tunnel Details and verify that Local LAN Access is "Disabled" under the Transport heading. (If it shows Enabled, then you have another issue preventing your access which can't be solved here.)

3. OPEN A COMMAND PROMPT AND TYPE "route delete 192.168.1.0" (without quotes, where 192.168.1.0 is your local LAN)

4. Try to ping or connect to a local machine to verify success.

Enjoy!
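
The replies above turn on how the routing table decides between the tunnel and the local interface. As an added example (not part of the original thread), this Python sketch models route selection, where the most specific prefix wins and the metric only breaks ties between equally specific routes, and uses it as an audit check an administrator could run over a client's routing table to flag prefixes that leave outside the tunnel. All addresses, the table contents and the function names are constructed assumptions; the LAN-range route on the VPN interface follows the description in Response 5.

```python
import ipaddress

# Constructed sample data, not from the thread: interface and server addresses are assumptions.
LAN_IF, VPN_IF = "192.168.1.10", "10.8.0.5"
VPN_SERVER = "203.0.113.10/32"   # tunnel endpoint; must stay reachable outside the tunnel

# Each route: (destination prefix, gateway, interface, metric)
ENFORCED = [
    ("0.0.0.0/0",      "192.168.1.1",  LAN_IF, 20),
    ("0.0.0.0/0",      "10.8.0.1",     VPN_IF, 1),
    ("192.168.1.0/24", "192.168.1.10", LAN_IF, 20),
    ("192.168.1.0/24", "10.8.0.1",     VPN_IF, 1),   # LAN range pulled into the tunnel
    (VPN_SERVER,       "192.168.1.1",  LAN_IF, 1),
]
# Same table with the tunnel's LAN-range route missing.
TAMPERED = [r for r in ENFORCED if not (r[0] == "192.168.1.0/24" and r[2] == VPN_IF)]

def select_route(table, dest):
    """Return the route used for dest: longest prefix first, lowest metric as tie-break."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in table if ip in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))

def tunnel_bypasses(table, tunnel_if, allowed=()):
    """List prefixes whose winning route leaves through an interface other than the tunnel."""
    findings = []
    for prefix in sorted({r[0] for r in table}):
        if prefix in allowed:
            continue  # expected exception, e.g. the host route to the VPN server
        probe = str(ipaddress.ip_network(prefix).network_address)
        winner = select_route(table, probe)
        if winner[2] != tunnel_if:
            findings.append((prefix, winner[2], winner[3]))
    return findings

if __name__ == "__main__":
    for name, table in (("enforced", ENFORCED), ("tampered", TAMPERED)):
        print(name, tunnel_bypasses(table, VPN_IF, allowed=(VPN_SERVER,)))
```

In practice the table would be parsed from the client's "route print" output instead of being hard-coded.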

