claud_io
asked on
Cisco VPN blocks Internet and LAN access
Hi,
I use Cisco VPN client to connect to a remote system from my corporate LAN.
In My LAN I get a local IP address (10.40.a.b); the whole LAN is natted outside with a single IP addess (194.x.y.z).
After I connect to VPN using Cisco client 4.6 I lose Internet and LAN access due to remote system restictions.
Is it possible to change routing table with route command and/or any opther network utility to gain again Internet and LAN access?
There are only a few remote addresses I need to reach by VPN, so I would like to redirect all the othe network traffic to my "regular" LAN connection.
Thanks
Claudio
I use Cisco VPN client to connect to a remote system from my corporate LAN.
In My LAN I get a local IP address (10.40.a.b); the whole LAN is natted outside with a single IP addess (194.x.y.z).
After I connect to VPN using Cisco client 4.6 I lose Internet and LAN access due to remote system restictions.
Is it possible to change routing table with route command and/or any opther network utility to gain again Internet and LAN access?
There are only a few remote addresses I need to reach by VPN, so I would like to redirect all the othe network traffic to my "regular" LAN connection.
Thanks
Claudio
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This is wrong
route add 10.X.X.0 mask 255.255.255.0 172.A.A.A
route add 0.0.0.0 mask 0.0.0.0 172.A.A.A metric 30
In place of 10.X.X.0 you have to put your office network address
and subnet mask.
You have to know you office network address and subnet mask!!!!
to revert the changes
you have to use
route delete 10.X.X.0 mask 255.255.255.0 172.A.A.A
route delete 0.0.0.0 mask 0.0.0.0 172.A.A.A metric 30
regards
Naren
route add 10.X.X.0 mask 255.255.255.0 172.A.A.A
route add 0.0.0.0 mask 0.0.0.0 172.A.A.A metric 30
In place of 10.X.X.0 you have to put your office network address
and subnet mask.
You have to know you office network address and subnet mask!!!!
to revert the changes
you have to use
route delete 10.X.X.0 mask 255.255.255.0 172.A.A.A
route delete 0.0.0.0 mask 0.0.0.0 172.A.A.A metric 30
regards
Naren
ASKER
Yes, I did it ....
the real command was
route add 10.40.41.0 mask 255.255.255.0 172.A.A.A
since my IP is 10.40.41.113 ....
There is already present a similar route for 10.40.0.0 with mask 255.255.0.0 and the same gateway 172.A.A.A; and another for 10.40.0.0 with mask 255.255.0.0 and my LAN IP as gateway; both have metric is 1.
Also your 2nd command corresponds to a route already present but with metric 1 instead of 30.
the real command was
route add 10.40.41.0 mask 255.255.255.0 172.A.A.A
since my IP is 10.40.41.113 ....
There is already present a similar route for 10.40.0.0 with mask 255.255.0.0 and the same gateway 172.A.A.A; and another for 10.40.0.0 with mask 255.255.0.0 and my LAN IP as gateway; both have metric is 1.
Also your 2nd command corresponds to a route already present but with metric 1 instead of 30.
172.A.A.A >>>is this the address given by VPN server????
then what is 10.40.41.113, i guess this is the address given by vpn server
if thats the case
route add 10.40.0.0 mask 255.255.0.0 10.40.41.113
route add 0.0.0.0 mask 0.0.0.0 10.40.41.113 metric 30
if the first line is already create then no need to add.
i know second will be there, but we have to change the metric more than i.e 30
there will be also another route like
route add 0.0.0.0 mask 0.0.0.0 X.X.X.X metric 20 i guess
if the metric is more it is given less preference.... that way
your default gateway will be your nornal internet gateway...
but the VPN traffic will be routed to your VPN ip Address.
before all the traffice was directed to VPN ip address as its metric is 1 i.e highest.
let me know if you didnt understand any part
regards
Naren
then what is 10.40.41.113, i guess this is the address given by vpn server
if thats the case
route add 10.40.0.0 mask 255.255.0.0 10.40.41.113
route add 0.0.0.0 mask 0.0.0.0 10.40.41.113 metric 30
if the first line is already create then no need to add.
i know second will be there, but we have to change the metric more than i.e 30
there will be also another route like
route add 0.0.0.0 mask 0.0.0.0 X.X.X.X metric 20 i guess
if the metric is more it is given less preference.... that way
your default gateway will be your nornal internet gateway...
but the VPN traffic will be routed to your VPN ip Address.
before all the traffice was directed to VPN ip address as its metric is 1 i.e highest.
let me know if you didnt understand any part
regards
Naren
ASKER
172.A.A.A is this the address given to me by the VPN server
10.40.41.113 is my local IP inside my LAN
VPN server IP is 85.V.V.V
10.40.41.113 is my local IP inside my LAN
VPN server IP is 85.V.V.V
guys, route modification doesn't work with Cisco VPN clients. I have tried the same solution before to no avail. It just
doesn't work like it does for PPTP clients. It's by design. It is something that needs to be done on the VPN server itself, like I said centralized policy pushed. Claud, you need to talk to the administrator of the VPN server and request for internet access or atleast access to your own local LAN. That is the only way.
doesn't work like it does for PPTP clients. It's by design. It is something that needs to be done on the VPN server itself, like I said centralized policy pushed. Claud, you need to talk to the administrator of the VPN server and request for internet access or atleast access to your own local LAN. That is the only way.
may be you just need to add just this line, as the other route is already added by VPN policy.
route add 0.0.0.0 mask 0.0.0.0 172.A.A.A metric 30
route add 0.0.0.0 mask 0.0.0.0 172.A.A.A metric 30
Thanks for the points, how did it go??
ASKER
Nothing to unfortunately .... I gave up trying ... thanks anyway for your suggestions ...
ASKER
route add 10.X.X.0 mask 255.255.255.0 172.A.A.A
route add 0.0.0.0 mask 0.0.0.0 172.A.A.A metric 30
but after that I'm no able to to reach the remote system and also not able to surf the web