Setting up RDP to a work laptop over Cisco VPN

Hi everyone

I honestly can't tell whether I'm doing something wrong or whether this simply isn't possible.

What I want to do is RDP from my home desktop to the work laptop sitting right next to it. They're on the same internet connection, both on the same network. The problem is that the work laptop is connected to a VPN (for access to drives and so on).

When the VPN is not connected, I can RDP to it fine using the internal IP.

As soon as I connect to Cisco AnyConnect, I can no longer reach it. I can't ping the internal address, the internal gateway, or the new IP address or gateway either.

I'm not familiar with how the Remote Desktop Gateway works, but I tried entering the work gateway and the internal gateway, and it still doesn't work (I'm not even sure I'm using it correctly).

Finally, I also tried the public IP address ("What's my IP") that it gets when connected to the VPN, but that didn't help either.

Can anyone lend me some wisdom on what to do? <3 Thanks in advance

AnyConnect can be configured to block access to the local LAN. There's also an option in the AnyConnect client to allow access to the local LAN, if it's not blocked too. The AnyConnect admin can also block the VPN connection if you use RDP to connect to the machine. There are heaps of options in AnyConnect. The AnyConnect client configuration profile lives in C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\ It's an XML file, so you can just read its options as configured and look them up in the AnyConnect admin guide. The next time AnyConnect connects to the headend it will check that the local profile matches the server side; if not, it gets refreshed, so if you make changes to the local profile they get lost as soon as you make the next connection.

Update!

I figured it out - There is a setting in Cisco AnyConnect, located in "Preferences":
"Allow local (LAN) access when using VPN (If configured)". Checking this, it just worked right away!

For RDP to work, you have to make sure it's turned on in the advanced System settings and also make sure your user account is in the local RDP group in Computer Management.

The above is possible only if you have local admin access to the device.

It's probably the AnyConnect client set to route all traffic through the VPN. Use a third-party utility like TeamViewer to get around this.

Thanks for the reply - I'll check the settings when I get home

As an AnyConnect admin I always enable that option; luckily your admin didn't block you from enabling it.

Yo mate

I can RDP to the device when the VPN is turned off, no problem - I get the problem when the VPN is active

I could also use that ofc

Cisco also makes a tool called the AnyConnect Profile Editor. You can load the XML profile into that to see the options in a GUI; however, that's not a public download and you need a valid contract to download it.

Caviar. Sorry, completely unhelpful!

RDP to the device then use the VPN?

There is no way to change the profile for me only, right? I'm pretty sure the network team won't allow any changes

I see what you did there! - Thanks for making me laugh tho

That doesn't work.
It won't allow me to even connect with a running RDP session

You can edit the XML file, excluding anything, then reconnect. It will connect once on the edited profile and respect the edited profile, but will then sync with the headend, wiping any changes, so on the next reconnection it will be back to what the administrator set. So effectively you change it once. But nothing stops you, say, scripting a change of the profile file before each connection. If AnyConnect is set to automatically launch at login that becomes more difficult though.

Sweet - It doesn't start up at launch, luckily

Looking forward to testing whether it works with profile editing when I get home

Thanks a lot mate!