Solved

how to add static route after connecting to Cisco VPN

Posted on 2008-10-14
10
3,454 Views
Last Modified: 2009-06-15
Hi,

We have 2 networks in our office 192.168.1.x and 192.168.116..x. There's a windows XP box (SP3) in 192.168.1.x and has default gateway (192.168.1.1) set for connecting internet and other network 192.168.116.x.

When this box connects to remote Cisco VPN, its Default gateway gets changed and 192.168.116.x is not accessible (we don't need Internet here but must be able to connect the other network while being connected to VPN as well). So, i added a static route (after connecting to VPN) as below but no use.

route add 192.168.116.0 mask 255.255.255.0 192.168.1.1 metric 1

when i tried tracert it does not display any gateway/hop except for *.


Please advise.

Thanks
Bhvn
0
Comment
Question by:p_bhvn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 3

Expert Comment

by:JasonTracy
ID: 22711880
The company that is hosting the VPN must allow for split tunneling, and you must make sure that the "Allow local lan" checkbox is selected in the VPN client.

Many companies do not allow a VPN client user to access both a local network and the VPN network, as there are some security issues with that.
0
 

Author Comment

by:p_bhvn
ID: 22712017
Hi JasonTracy,

LocalLAN option enabled in the VPN client and I'm able to access ALL LAN resources within 192.168.1.x. But i'm NOT able to access 192.168.116.x even after adding the static route as

route add 192.168.116.0 mask 255.255.255.0 192.168.1.1 metric 1


Thanks,
Bhvn
0
 
LVL 3

Expert Comment

by:JasonTracy
ID: 22712065
The VPN client wins over what is in the XP routes.  You are doing the XP part right.

Go to Status, Statistics, and choose the "Route Details" tab when connected over VPN.  What does it say for local LAN routes and Secured Routes?
0
Are Your IoT Devices Out to Get You?

IoT business is booming, with manufacturers connecting any and every “thing” to the Internet. But as pressure grows to release new products faster and faster, we’re all left to wonder: is security a priority? Join our webinar on June 29th for the answer.

 

Author Comment

by:p_bhvn
ID: 22712118
Hi,

Local LAN Routes have only 1 entry:

Network = 192.168.1.0
Subnet Mask = 255.255.255.0

and Secured Routes have only 1 entry:

Network = 0.0.0.0
Subnet Mask = 0.0.0.0

This could be because there're no in-built static routes entered into the VPN client. But My concern here is that i ran the static route command after connecting to VPN which should work. Am i wrong?

Please advise if there's any other way i could access my other network (perhaps, another NIC? etc.)

Thanks
Bhvn
0
 
LVL 3

Expert Comment

by:JasonTracy
ID: 22712182
Ok, the problem is that "Secured Routes" is set to everything.  While the "allow local access" box allows access to 192.168.1.0/24, the VPN client is being told by the VPN server that everything else MUST be encrypted and sent to the VPN server.  This includes packets bound for 192.168.16.0/24.  

The company that has the VPN server needs to use "Split Tunneling" and only tunnel the networks they need.  For example, if you're accessing something on the 192.168.100.0/24 network, only that network should be listed in the secured routes table.
0
 

Author Comment

by:p_bhvn
ID: 22712195
Also, OS command "route print" shows the static route that i added.
0
 
LVL 3

Accepted Solution

by:
JasonTracy earned 250 total points
ID: 22712206
As to your concern about the static routes not working, or another NIC, no, neither will work.  When you install the VPN client, you are giving the VPN server the ability to control how the routing works on that PC.  They can decide that they do not want to allow other networks, and your PC will obey as long as it is connected.

As for another NIC, that would only work if it could be directly connected to the 192.168.16.0/24 network, but I doubt you would be able to do that since I assume that is a seperate location.
0
 
LVL 3

Expert Comment

by:JasonTracy
ID: 22712216
Sorry, I keep saying 192.168.16.0/24 when I mean 192.168.116.0/24.
0
 

Author Comment

by:p_bhvn
ID: 22712241
Thank you jasonTracy for the support you have provided...
0
 
LVL 9

Expert Comment

by:Sean McIlvenna
ID: 24631040
So what do you need to do if you have two NICs? I intend for one NIC to be connected to the VPN, and for the other to be connected to the Local LAN... How would I add the static routes to get my second NIC to direct traffic for my local network. The VPN network is on 10.0.1.X while my local network is on 192.168.0.X. Thanks!
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question