• Status: Solved

Cisco VPN blocks Internet and LAN access

Hi,
I use Cisco VPN client to connect to a remote system from my corporate LAN.

In my LAN I get a local IP address (10.40.a.b); the whole LAN is NATed outside with a single IP address (194.x.y.z).

After I connect to VPN using Cisco client 4.6 I lose Internet and LAN access due to remote system restrictions.

Is it possible to change the routing table with the route command and/or any other network utility to regain Internet and LAN access?
There are only a few remote addresses I need to reach by VPN, so I would like to redirect all the other network traffic to my "regular" LAN connection.

Thanks
Claudio
Asked:
claud_io
 
stressedout2004 Commented:
If you are using the Cisco VPN client, the answer to your question is *No*. The change has to be done on the VPN server.
 
r_naren22atyahoo Commented:
I am not sure, but I use this batch file to create the manual routes and gateways.
I use this after connecting to a PPTP tunnel.

-----------
@echo off

setlocal

set ip=
set foundPPP=

for /f "delims=" %%a in ('ipconfig /all') do call :PROCESS "%%a"

if "%ip%"=="" echo Can't find PPTP IP address.&goto :EOF

route add 10.21.1.0 mask 255.255.255.0 %ip%
route add 10.22.1.0 mask 255.255.255.0 %ip%
route add 10.60.1.0 mask 255.255.255.0 %ip%
route add 0.0.0.0 mask 0.0.0.0 %ip% metric 30

goto :EOF

:PROCESS

set Line=%~1

if "%Line%"=="" goto :EOF

if "%Line:~0,3%"=="PPP" set foundPPP=Y&goto :EOF

if "%foundPPP%"=="" goto :EOF

for /f "tokens=2 delims=:" %%a in ('echo " %Line% " ^| findstr /c:"IP Address"') do if not "%%a"=="" call :SETIP %%a

goto :EOF

:SETIP

set ip=%1
-------------------
This is a batch file; run this after the VPN connection

or
just type this at command prompt

route add 10.X.X.0 mask 255.255.255.0 10.A.A.A
route add 0.0.0.0 mask 0.0.0.0 10.A.A.A metric 30
Where 10.X.X.0 is your office network address
10.A.A.A is the ip address given to you after connecting to the VPN

regards
Naren
 
stressedout2004 Commented:
For PPTP tunnel it is possible, but not when using Cisco VPN client (as far as I know). It is a centralized pushed policy type of connection. Everything is controlled by the VPN server. The ability to surf the internet and browse local LAN is controlled by the split tunneling policy which is configured on the VPN server. You have to talk to the administrator of your VPN server. However, you can try what Naren is suggesting, it doesn't hurt.
 
claud_io (Author) Commented:
The IP given to me after connecting to the VPN is of the form 172.A.A.A so I tried to add

route add 10.X.X.0 mask 255.255.255.0 172.A.A.A
route add 0.0.0.0 mask 0.0.0.0 172.A.A.A metric 30

but after that I'm not able to reach the remote system and also not able to surf the web

 
r_naren22atyahoo Commented:
This is wrong

route add 10.X.X.0 mask 255.255.255.0 172.A.A.A
route add 0.0.0.0 mask 0.0.0.0 172.A.A.A metric 30

In place of 10.X.X.0 you have to put your office network address
and subnet mask.
You have to know your office network address and subnet mask!!!!


to revert the changes
you have to use
route delete 10.X.X.0 mask 255.255.255.0 172.A.A.A
route delete 0.0.0.0 mask 0.0.0.0 172.A.A.A metric 30

regards
Naren

 
claud_io (Author) Commented:
Yes, I did it ....

the real command was

route add 10.40.41.0 mask 255.255.255.0 172.A.A.A

since my IP is 10.40.41.113 ....

A similar route is already present for 10.40.0.0 with mask 255.255.0.0 and the same gateway 172.A.A.A, and another for 10.40.0.0 with mask 255.255.0.0 and my LAN IP as gateway; both have metric 1.

Also your 2nd command corresponds to a route already present but with metric 1 instead of 30.

 
r_naren22atyahoo Commented:
172.A.A.A >>> is this the address given by the VPN server????
Then what is 10.40.41.113? I guess this is the address given by the VPN server.
If that's the case:
route add 10.40.0.0 mask 255.255.0.0 10.40.41.113
route add 0.0.0.0 mask 0.0.0.0 10.40.41.113 metric 30

If the first line is already created then there is no need to add it.
I know the second will be there, but we have to make the metric higher, i.e. 30.

There will also be another route like
route add 0.0.0.0 mask 0.0.0.0 X.X.X.X metric 20 I guess

If the metric is higher it is given less preference.... that way
your default gateway will be your normal internet gateway...
but the VPN traffic will be routed to your VPN IP address.

Before, all the traffic was directed to the VPN IP address as its metric is 1, i.e. highest.

Let me know if you didn't understand any part.

regards
Naren


 
claud_io (Author) Commented:
172.A.A.A is the address given to me by the VPN server
10.40.41.113 is my local IP inside my LAN
VPN server IP is 85.V.V.V
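
Added example (not part of the thread): a small Python model of route selection, most specific prefix first and then lowest metric, run over the table claud_io describes and the `route add` lines tried above. 172.16.0.10 stands in for 172.A.A.A, the LAN gateway 10.40.0.1, the test destinations and the metric of the manual /24 route are constructed, and the split-tunnel table is only an illustrative model of a server-pushed policy; nothing here models the Cisco client's own policy enforcement.

```python
import ipaddress

# Constructed stand-ins for values the thread masks (assumptions, not from the page)
VPN_IP = "172.16.0.10"   # stands in for 172.A.A.A, the address assigned by the VPN
LAN_GW = "10.40.0.1"     # hypothetical LAN default gateway used before connecting
LAN_IP = "10.40.41.113"  # claud_io's LAN address, as given in the thread

def route(dest, mask, gateway, metric):
    """One routing-table row, in the argument order of `route add`."""
    return (ipaddress.ip_network(f"{dest}/{mask}"), gateway, metric)

def best_gateways(table, dst):
    """Gateways tied for the best match: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return []
    def rank(r):
        return (-r[0].prefixlen, r[2])
    top = min(rank(r) for r in matches)
    return sorted({r[1] for r in matches if rank(r) == top})

# Table after the VPN connects, as claud_io describes it (full tunnel)
full_tunnel = [
    route("0.0.0.0", "0.0.0.0", VPN_IP, 1),
    route("10.40.0.0", "255.255.0.0", VPN_IP, 1),
    route("10.40.0.0", "255.255.0.0", LAN_IP, 1),
]

# The manual additions tried in the thread (metric 1 on the /24 is assumed)
after_route_add = full_tunnel + [
    route("10.40.41.0", "255.255.255.0", VPN_IP, 1),
    route("0.0.0.0", "0.0.0.0", VPN_IP, 30),
]

# Illustrative split-tunnel table: only the remote subnet goes to the VPN
split_tunnel = [
    route("0.0.0.0", "0.0.0.0", LAN_GW, 20),
    route("10.40.0.0", "255.255.0.0", LAN_IP, 20),
    route("10.21.1.0", "255.255.255.0", VPN_IP, 1),
]

# Constructed test destinations: a web host, a LAN neighbour, a remote office host
WEB, LAN_HOST, REMOTE = "203.0.113.5", "10.40.41.20", "10.21.1.5"

if __name__ == "__main__":
    tables = {"full": full_tunnel, "manual": after_route_add, "split": split_tunnel}
    for name, table in tables.items():
        print(name, {d: best_gateways(table, d) for d in (WEB, LAN_HOST, REMOTE)})
```

The manual /24 route is more specific than the existing /16 pair, so it steers the local subnet into the tunnel, and the metric-30 default never wins against the metric-1 default that is already installed.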

 
stressedout2004 Commented:
Guys, route modification doesn't work with Cisco VPN clients. I have tried the same solution before to no avail. It just doesn't work like it does for PPTP clients. It's by design. It is something that needs to be done on the VPN server itself, like I said, centralized policy pushed. Claud, you need to talk to the administrator of the VPN server and request internet access or at least access to your own local LAN. That is the only way.
 
r_naren22atyahoo Commented:
Maybe you just need to add this line, as the other route is already added by the VPN policy.
route add 0.0.0.0 mask 0.0.0.0 172.A.A.A metric 30
 
r_naren22atyahoo Commented:
Thanks for the points, how did it go??
 
claud_io (Author) Commented:
Nothing to unfortunately .... I gave up trying ... thanks anyway for your suggestions ...