VMware Cloud Community
thj
Contributor

Host using guest VPN connection

Hi,

Running Vista x64 on my host, I can't use the Cisco VPN client for establishing a VPN connection to my work.

I read on the internet that some people got it working by establishing a VPN connection in a guest OS (using VMware), and then making the host access the IP of my work place through the guest OS.

The problem is, that I can't get this working, and I haven't been able to find a guide on how to do this.

What I've done:

Created a XP x32 guest with a bridged network and a host-only network. Host IP is 192.168.10.1 and guest IP is 192.168.10.2.

After installing Cisco VPN, I shared the Cisco VPN adapter connection by selecting "Allow other network users to connect th...."

This changed the IP of the guest's host-only adapter, so I changed this back to 192.168.10.2.

After establishing the VPN connection, and verifying that I'm able to ping 192.168.0.2 (IP at work), I ran the following command on the HOST:

route -p ADD 192.168.0.2 MASK 255.255.255.0 192.168.10.2

That is: route -p ADD <work-ip> MASK <netmask> <vpn_gateway>

Everything should be okay by now, but I can't ping 192.168.0.2 from the host OS.

What am I doing wrong? Could you please give me a hint in the right direction?

Thanks in advance.

Tommy.
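
Added example (not part of the original post): a Python check of the arguments in the route ADD line above against two rules Windows routing applies: the destination must have no bits set outside the mask, and the gateway must sit on a directly connected subnet. The /24 prefix on the host-only adapter and the function names are assumptions.

```python
import ipaddress

USAGE = "expected: route [-p] ADD <dest> MASK <mask> <gateway>"

def parse_route_add(cmd):
    """Return (destination, mask, gateway) from a Windows 'route ADD' line."""
    tokens = cmd.split()
    upper = [t.upper() for t in tokens]
    if "ADD" not in upper or "MASK" not in upper:
        raise ValueError(USAGE)
    a, m = upper.index("ADD"), upper.index("MASK")
    if m != a + 2 or len(tokens) < m + 3:
        raise ValueError(USAGE)
    return tuple(ipaddress.IPv4Address(tokens[i]) for i in (a + 1, m + 1, m + 2))

def check_route(cmd, local_interfaces):
    """Return a list of problems; an empty list means the arguments are consistent."""
    dest, mask, gw = parse_route_add(cmd)
    problems = []
    m = int(mask)
    inverted = ~m & 0xFFFFFFFF
    # A valid mask is a run of 1-bits followed by 0-bits, so its inverse is 2^k - 1.
    if inverted & (inverted + 1):
        problems.append(f"mask {mask} is not contiguous")
    # The destination must equal (destination AND mask).
    if int(dest) & m != int(dest):
        network = ipaddress.IPv4Address(int(dest) & m)
        problems.append(
            f"destination {dest} has host bits set under mask {mask}: "
            f"use {network} for the subnet, or MASK 255.255.255.255 for the single host"
        )
    # The gateway must be reachable directly through one of the local adapters.
    if not any(gw in ipaddress.ip_interface(i).network for i in local_interfaces):
        problems.append(f"gateway {gw} is not on a directly connected subnet")
    return problems

# The command as posted, and the host-only adapter from the post (/24 is an assumption).
POSTED = "route -p ADD 192.168.0.2 MASK 255.255.255.0 192.168.10.2"
HOST_IFACES = ["192.168.10.1/24"]

if __name__ == "__main__":
    for problem in check_route(POSTED, HOST_IFACES):
        print(problem)
```

Consistent arguments only deliver the packet to the guest; whether the guest forwards it into the tunnel, and whether the VPN policy permits that, is a separate question.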

9 Replies
asatoran
Immortal

Can the guest PING the host after the VPN is established? Many VPNs can be configured to not allow "local LAN access." Cisco VPN endpoints can override the client settings. So if your guest cannot communicate with the host, you'll need to speak with your VPN administrator, assuming your company policy allows this relaxing of security.

thj
Contributor

Thanks for your answer asatoran.

I'll check what you suggest when I get home from work (another job than the first mentioned one :-).

Then I'll return.

thj
Contributor

I just checked it.

When VPN connection is established in guest OS I can ping work IP and host OS.

From host OS I can ping guest OS, but not work IP.

Any ideas?

asatoran
Immortal

If host and guest can PING each other with VPN running, then VPN policy is allowing local LAN access. That's good. I'm not an expert on routing so I'll ask what may be a dumb question: You added a routing rule to the host, but do you also have to add a rule to the guest to get the response back to the host?

In any case, I have two other suggestions for you. Take a look at this thread: http://communities.vmware.com/thread/120047. Forum member WoodyZ created a document on how to use the Internet Connection Sharing (ICS) of a Windows guest to provide internet for the host. It's written for Fusion for Mac, but the concept on the guest side is the same since it's just Windows configuration. I don't know if ICS works with a VPN connection.

But my second suggestion is even simpler: why not just run the VPN software on your host? You may have to ask your VPN admin to allow your username to have multiple simultaneous sessions. And some home firewall routers don't allow multiple sessions. I've found the Linksys BESR41 & WRT54 only allow one VPN session, but all the dLink consumer firewalls allow multiple sessions. But running the VPN client on the host and guest would seem to be much simpler than trying to share the session out of the guest (assuming ICS doesn't work).

thj
Contributor

I haven't added a routing rule to the host. Do I need that? Does it make any sense? If so, what should it look like?

I tried ICS like described in that guide. No luck.

My host is Vista x64 - that's the problem. No Cisco VPN client :)

asatoran
Immortal

> I haven't added a routing rule to the host. Do I need that? Does it make any sense? If so, what should it look like?

Like I said, I'm not a routing expert, so I don't know if additional rules are needed on the guest or not. Also, the VPN policy may still be restricting such local LAN access, but if PING from guest to host works, then it does seem like you have LAN access from the guest.

> I tried ICS like described in that guide. No luck.

It was just a thought, since I haven't heard of anyone being able to ICS a VPN.

> My host is Vista x64 - that's the problem. No Cisco VPN client :)

Sorry, my bad. I missed that you were using 64-bit. Per Cisco's website release notes for the VPN client software "For x64 support, customers should explore with their Cisco sales representative the use of the next-generation Cisco AnyConnect VPN Client." AnyConnect doesn't work with PIXs(?) so it looks like that might be Cisco's way of getting you to upgrade your VPN endpoint hardware. ;)

bwbecraft
Contributor

Hey Tommy,

I just encountered the EXACT same scenario. I work in a development studio, and we have a lot of art guys that really need the 64-bit OS to utilize all of their RAM. We use a Cisco VPN as well.... Pain in the butt... Our VPN will not allow the use of ICS. It will terminate your connection and disable your VPN account for a few hours... so I worked around it. I created a shared file between the host and the guest. The user pulls any needed files from the VPN and places them in the shared file. It's an extra step, but it works. I had to share the file by mapping through the IPs. They wouldn't resolve hostnames. That is another post all in itself though.

-BB

thj
Contributor

Hi BB,

That would be a solution to some, but not me, I'm afraid. I need the VPN to connect to some huge databases which I can't run locally, because of the size and because they are updated regularly.

But thanks for your suggestion :)

Kind regards,

Tommy

Texiwill
Leadership

Hello,

I used a VPN for quite a while within VMware Workstation.... If your VPN does not allow the use of ICS or something like that then the Host WILL NEVER be able to route through the VPN as it requires the VM to act as a router and most VPNs do not allow that to happen. If you are using Workstation then the best you can hope for is to use HGFS or if not then use a file server. But access through the VPN from the HOST will not work unless it is ALSO running the VPN or the VM acts as a router (which most VPNs do not like).


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, DABCC Analyst
====
Now Available on Rough-Cuts: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing ESX and the Virtual Environment'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro|Blue Gears|Top Virtualization Security Links|Virtualization Security Round Table Podcast
