

When Using Cisco VPN Client on Mac OSX Leopard I lose Internet connectivity.

This seems to be a commonly asked question, but none of the existing answers seem to fit my situation.

After connecting to the remote network using Cisco VPN Client 4.9.01 on my MacBook Pro I lose network connectivity. The connection to the remote network is fine, but I lose browsing, Time Machine, ping, ...

I was previously able to do this.
I called the helpdesk and they claim to have not changed any settings on the server side. Previously I used my own Internet connection and did not go through their proxy (I do not even know if they have a proxy; even if they have a proxy I do not want to use it because their Internet connection is much slower than mine).

In the properties of my client sw I have "allow local LAN Access" checked.

One other person had this same problem at the same time so this indicates that the help desk changed something; could just be a coincidence as yet another person is NOT having a problem.

What else can I change on my client end to try to fix this?
What can I look for in the log to see if server side is disabling my Internet access?

In the Mac client, the "allow local LAN access" is the key.
When this parameter is enabled:
     - You can access up to 10 networks. A network administrator at the central site configures a list of networks at the VPN Client side that you can access.
     - If you are connected to a central site, all traffic from your system goes through the IPSec tunnel except traffic to the networks excluded.

If it's disabled, then all traffic goes through the IPSec tunnel.

Since you have it checked, you can see a list of the local LANs that are available by choosing Statistics from the Status menu and clicking the Route Details tab.

Check the routes, post them here for review and let's see where your internet traffic is going.

Bottom line, I think something was modified and they aren't telling you....
Pottmi (Author) commented:

"Local Lan Routes" is empty
"Secured Routes" is and for Network and Subnet Mask.

I suspect that someone modified it without logging it in the help desk log.

I am not familiar with the server side.  What can I tell them to look at to confirm the setting on their end?

1 of 2 things....

1) If you were sending company info through IPSec and internet through your own connection, then your admin has to set up split tunneling where only the traffic bound for the company LAN is sent via IPSec.

2) If your internet traffic is sent via IPSec as well whenever VPN is connected, then the VPN IP pool was removed from the outbound access list.

If your admins back up code on a schedule, then all they need to do is run a quick compare of the show run against a saved config for the changes....
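The route check discussed in this thread, as an added example that is not part of the original posts: given the Network / Subnet Mask pairs listed under "Secured Routes" and "Local LAN Routes", it reports whether the client is in full-tunnel or split-tunnel mode and which path a destination takes. All route values, addresses and function names below are constructed for illustration.

```python
import ipaddress

def to_net(network, mask):
    """Build an IPv4Network from a Network / Subnet Mask pair."""
    return ipaddress.ip_network(f"{network}/{mask}")

def tunnel_mode(secured_routes):
    """'full-tunnel' if a secured route covers every address, else 'split-tunnel'."""
    nets = [to_net(n, m) for n, m in secured_routes]
    return "full-tunnel" if any(n.prefixlen == 0 for n in nets) else "split-tunnel"

def path_for(dest, secured_routes, local_lan_routes):
    """Return where traffic to dest goes: 'tunnel', 'local-lan' or 'direct'.

    The most specific matching route wins, so a Local LAN exclusion
    overrides a catch-all secured route.
    """
    addr = ipaddress.ip_address(dest)
    candidates = [(to_net(n, m), "tunnel") for n, m in secured_routes]
    candidates += [(to_net(n, m), "local-lan") for n, m in local_lan_routes]
    matches = [(net.prefixlen, label) for net, label in candidates if addr in net]
    if not matches:
        return "direct"  # no VPN route applies: the user's own Internet link is used
    return max(matches, key=lambda m: m[0])[1]

# Constructed sample route tables (not taken from the thread).
FULL_TUNNEL = [("0.0.0.0", "0.0.0.0")]        # catch-all secured route
SPLIT_TUNNEL = [("10.0.0.0", "255.0.0.0")]    # only the company range is secured
LOCAL_LAN = [("192.168.1.0", "255.255.255.0")]

if __name__ == "__main__":
    for name, secured in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, tunnel_mode(secured))
        for dest in ("203.0.113.10", "10.1.2.3", "192.168.1.20"):
            print("  ", dest, "->", path_for(dest, secured, LOCAL_LAN))
```

With a catch-all secured route and no outbound path for the VPN pool on the server side, Internet destinations resolve to "tunnel" and go nowhere, which matches the symptom described in the question.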


Pottmi (Author) commented:

I am confident that I was previously configured as your #1.  I never checked, but I would have noticed a major slow down as my Internet is much faster than theirs.

I am sure they do backups, but I am not sure they will know what file to pull from backup in order to do the compare.  Can you give me your best guess as to what/where that file is?  I will pass that along to them.

I would have no way of knowing how the backups are done... there's a hundred ways of backing this up.

Using the built-in write net, the ASDM backup command, or the dozens of 3rd party utils like CatTools. Some are manual, some can be automated. The file names and locations of the backups are all up to the admin.

Pottmi (Author) commented:
The helpdesk did not respond to my request as to what they changed to get it to work, but I think it is safe to say they changed something that broke it. Probably with good intentions.
