11

Cisco's VPN crapclients (including the AnyConnect one) have the nasty habit of clobbering all NICs on the system you're using them on. The old client had a checkbox in the connection options that allowed you to use other network interfaces while being connected, while the AnyConnect client doesn't have any options at all, seemingly. But they both lock down the network interface they are using to connect to the VPN.

Since I am forced to use AnyConnect to actually have an internet connection and I like to control a second computer at home via RDP (over the same network interface so far), this doesn't quite work out. With the old client IPv6 still worked just fine, though AnyConnect seems to dislike that as well now.

Is there any way to still use the same network interface for LAN access? I actually don't really care about any possible security implications (which might be why Cisco does this) as it's my freaking internet connection and not a secure way of working from home. The trade-off is quite different :-)


1 Answer

2

I believe you will need to set up split tunneling with an exclude list, so you don't tunnel your local LAN traffic and everything else goes out the tunnel. This has to be configured on the ASA itself. Then in AnyConnect enable the option 'Enable local LAN access (if configured)'. You can enable it manually by clicking on the "preferences" button next to the "connect to" box or via XML profile.

Here is a link to the split tunneling information in the ASA 8.2 CLI guide: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/vpngrp.html#wp1053494

  • 4
    Not an answer. Need solution to deal with server admin who will not bend and cannot be touched due to being in another organization.
    – Joshua
    Commented May 9, 2014 at 16:51
  • Not an answer, no information in a 404 link.
    – gattsbr
    Commented Aug 23, 2023 at 15:48
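The exclude-list setup the answer describes, sketched as ASA CLI; this is an added example, not part of the original answer. The ACL name `LOCAL_LAN_ACCESS` and the group-policy name `EXAMPLE_GP` are placeholders, and the group policy is assumed to be the one already applied to the AnyConnect users.

```text
! Added example (not from the original answer). Names are placeholders.
!
! Standard ACL naming what to keep OUT of the tunnel. The special entry
! "host 0.0.0.0" stands for whatever network the client is directly
! attached to, so no per-user home subnet has to be listed.
access-list LOCAL_LAN_ACCESS remark Client local LAN, excluded from the tunnel
access-list LOCAL_LAN_ACCESS standard permit host 0.0.0.0
!
! Tunnel everything except the networks in the ACL above.
group-policy EXAMPLE_GP attributes
 split-tunnel-policy excludespecified
 split-tunnel-network-list value LOCAL_LAN_ACCESS
!
! Client side: the policy only takes effect when local LAN access is
! allowed on the client, either through the preferences checkbox or
! through this element in the <ClientInitialization> section of the
! AnyConnect XML profile:
!   <LocalLanAccess UserControllable="true">true</LocalLanAccess>
```

With `excludespecified`, only the client's directly attached network bypasses the tunnel; all other traffic, including the default route, still goes through the VPN.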
