SQL Access with Cisco Systems VPN Client Active and Connected
Here’s a quick question for anyone out there with SQL connectivity and VPN access experience.
I’m trying to figure out why I can no longer connect to a SQL database within my local network when I’m connected to a VPN into another network.
As you can see from the above setting in the VPN client, I’ve got the “Allow Local LAN Access” checked.
Is it just not possible? Am I confused about what “Allow Local LAN Access” actually means? I can still connect to other network shared directories and machines on the LAN. I just can’t get access to anything through Microsoft SQL Server Studio and no applications that connect to a database on the network will connect either.
Here’s the error message I receive when I try to connect to the other database via SQL Server Management Studio.
Working on looking into those settings now.
I’m running Windows XP Pro SP3 and the SQL database I’m trying to connect to in the LAN is running on a Vista Business laptop.
17 opinions for SQL Access with Cisco Systems VPN Client Active and Connected
Chris
Apr 9, 2008 at 10:42 am
Normally the only reason for this to happen is if the network you are VPNing into is overlapping your local IP addresses.
Can you verify if the IP of the SQL server you are trying to connect to has an IP within the range of the remote network you are connecting to?
Chris
Apr 9, 2008 at 10:48 am
Also, how the Cisco VPN is set up on the other end will determine what you can do. If they are running a split tunnel, only IPs they specify will be sent down the tunnel; if they are tunneling everything, all traffic will be sent down the tunnel.
Local LAN access normally only applies to IPs within your own subnet, so if your SQL server is on a different subnet but still on the local LAN you may have problems. Also, the local LAN option can be restricted on the other end of the VPN connection.
Jason Bean
Apr 9, 2008 at 10:54 am
Chris, thanks for your help. What’s the easiest way to determine IP overlap? I just tried to ping the machine within my network and it was looking for it on the VPN network.
Chris
Apr 9, 2008 at 11:01 am
Connect to your VPN
Open up Cisco VPN
Go into Status Menu
Click on Route Details
This will give you all of the subnets that the VPN connection is sending down the tunnel. If your SQL server IP falls into one of those subnets, that is why you can’t connect.
Chris
Apr 9, 2008 at 11:06 am
I just tested a workaround:
The two things you need to know are the IPs of the SQL server and the IP of your machine.
Open up a command prompt and add a route:
route add 1.1.1.1 mask 255.255.255.255 2.2.2.2
Replace the 1.1.1.1 with the IP address of the SQL server and the 2.2.2.2 with your IP address. This is only temporary. Without a -P it will go away on reboot; also, if your IP changes it will stop working.
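The overlap check and the host-route workaround from the comments above, modelled as longest-prefix route selection. This is an added example, not part of the original thread; every address in it is constructed, and it models only the route table, not any filtering the VPN client applies on top of it.

```python
import ipaddress

# Constructed sample rows in the column order of the `route print` IPv4 table:
# Network Destination, Netmask, Gateway, Interface, Metric.
# 192.168.1.50 is the PC's LAN address, 10.99.0.7 the VPN adapter (made up).
SAMPLE_ROUTES = """\
0.0.0.0          0.0.0.0          192.168.1.1   192.168.1.50  20
192.168.1.0      255.255.255.0    192.168.1.50  192.168.1.50  20
192.168.0.0      255.255.0.0      10.99.0.1     10.99.0.7     1
10.99.0.0        255.255.255.0    10.99.0.7     10.99.0.7     1
"""
# Row that `route add <sql-ip> mask 255.255.255.255 <your-ip>` would create.
HOST_ROUTE = "192.168.2.20 255.255.255.255 192.168.1.50 192.168.1.50 1\n"

def parse_routes(text):
    """Turn route-table rows into dicts; skip headers and malformed lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append({"net": net, "gateway": gateway,
                           "iface": iface, "metric": int(metric)})
        except ValueError:
            continue
    return routes

def select_route(routes, host):
    """Pick the route the stack would use: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(host)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def tunneled_subnets_covering(routes, host, vpn_iface):
    """List the subnets sent down the tunnel that contain the host."""
    addr = ipaddress.ip_address(host)
    return [str(r["net"]) for r in routes
            if r["iface"] == vpn_iface and addr in r["net"]]

if __name__ == "__main__":
    sql_server = "192.168.2.20"  # constructed: on the LAN, different subnet
    before = parse_routes(SAMPLE_ROUTES)
    after = parse_routes(SAMPLE_ROUTES + HOST_ROUTE)
    print("tunneled:", tunneled_subnets_covering(before, sql_server, "10.99.0.7"))
    print("before:", select_route(before, sql_server)["iface"])
    print("after: ", select_route(after, sql_server)["iface"])
```

A host on the PC's own /24 still goes out the LAN interface because /24 is more specific than the tunneled /16; the server on the other local subnet only does so once the /32 host route exists.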
Jason Bean
Apr 9, 2008 at 2:04 pm
Chris, just tried that last option with the route and it didn’t work. I do have the setting active to allow remote connections.
Jason Bean
Apr 9, 2008 at 2:05 pm
Should I delete this route I added? If so, how? Thanks.
Chris
Apr 9, 2008 at 2:07 pm
You can delete the route using the same command replacing the add with delete.
You said you can connect to the SQL server when you aren’t VPNed in?
Did you verify the route detail in your VPN client? Did you try unchecking the Local Lan Option? Is the SQL server on the same subnet as your PC?
Jason Bean
Apr 9, 2008 at 2:18 pm
I can connect with no problems whatsoever when I’m not connected via VPN. IP of local machine is not in subnet of VPN network. I didn’t uncheck the local lan option.
Chris
Apr 9, 2008 at 2:22 pm
Is the SQL server on the same subnet as your machine? You said you can’t ping it when you are connected to VPN.
When you did the route add did you use your local IP address or the IP address given to you by the VPN connection?
You can do a route print and that should tell you where all the traffic is going to go.
Jason Bean
Apr 9, 2008 at 2:33 pm
No, SQL server and machine are on different subnets. Cannot ping when I’m VPN’d.
I used the IP address given by the VPN connection.
Chris
Apr 9, 2008 at 2:35 pm
Ah, try adding the route again but use your regular IP, not the one given through VPN. I would try both with and without the local LAN box checked.
bofe
Apr 9, 2008 at 6:35 pm
Our VPN has all ports blocked EXCEPT Remote Desktop and SSH. In order to get into SSMS from the VPN, I use remote desktop and connect directly to the server that it’s running on.
Jason Bean
Apr 9, 2008 at 8:35 pm
That wouldn’t work for me because I need to access the SQL server from the machine I’m trying to connect to it from.
Chris
Apr 10, 2008 at 9:22 am
I think I am misunderstanding the situation.
You can connect to SQL when you are at the location the SQL server is located or at least on a corp lan.
You then go home and VPN in and you cannot connect to the SQL server?
I was thinking the SQL server was on your local LAN and you were VPNing into another company which was breaking your connection to the SQL server.
If the SQL server is at the remote end of the VPN connection and you cannot connect they are either blocking the ports or the remote IPs to connect directly to the SQL server.
Not much you can do unless you can get them to open up access for you on the VPN connection.
Jesse
Aug 8, 2008 at 5:10 pm
Have you found a resolution for this?
Is the SQL server being statically NAT’ed in any way?
I’m having a similar issue accessing a static NAT box by its outside domain name when connected to another network by a Cisco VPN client and split tunneling.
Jason Bean
Aug 8, 2008 at 6:45 pm
Jesse, still no solution for me on this end.