When Using Cisco VPN Client on Mac OSX Leopard I lose Internet connectivity.

Posted on 2009-02-23
Last Modified: 2012-05-06
This seems to be a commonly asked question, but none of the existing answers seem to fit my situation.

After connecting to the remote network using Cisco VPN Client 4.9.01 on my MacBook Pro I lose network connectivity. The connection to the remote network is fine, but I lose browsing, Time Machine, ping, ...

I was previously able to do this.
I called the helpdesk and they claim to have not changed any settings on the server side. Previously I used my own Internet connection and did not go through their proxy (I do not even know if they have a proxy; even if they have a proxy I do not want to use it because their Internet connection is much slower than mine).

In the properties of my client sw I have "allow local LAN Access" checked.

One other person had this same problem at the same time so this indicates that the help desk changed something; could just be a coincidence as yet another person is NOT having a problem.

What else can I change on my client end to try to fix this?
What can I look for in the log to see if server side is disabling my Internet access?

Question by:Pottmi

    Accepted Solution

    In the Mac client, the "allow local LAN access" is the key.
    When this parameter is enabled:
         - You can access up to 10 networks. A network administrator at the central site configures a list of networks at the VPN Client side that you can access.
         - If you are connected to a central site, all traffic from your system goes through the IPSec tunnel except traffic to the networks excluded

    If it's disabled, then all traffic goes through the IPSEC tunnel.

    Since you have it checked, you can see a list of the local LANs that are available by choosing Statistics from the Status menu and clicking the Route Details tab.

    Check the routes, post them here for review and let's see where your Internet traffic is going.

    Bottom line, I think something was modified and they aren't telling you....
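
The route check described in the answer above, as an added example that is not part of the original thread: it reads the two tables from the Route Details tab as (network, subnet mask) rows and reports which path a destination takes. All addresses are constructed samples, not the poster's values, and the function names are hypothetical.

```python
import ipaddress

def parse_routes(rows):
    """Turn (network, subnet mask) rows, as listed on the Route Details tab, into networks."""
    return [ipaddress.ip_network(f"{net}/{mask}") for net, mask in rows]

def path_for(dest, secured, local_lan):
    """Return 'local', 'tunnel' or 'direct' for one destination address."""
    addr = ipaddress.ip_address(dest)
    # Local LAN routes are the exclusions: they bypass the tunnel even when
    # everything else is secured.
    if any(addr in net for net in local_lan):
        return "local"
    if any(addr in net for net in secured):
        return "tunnel"
    # Not covered by any secured route: leaves over the user's own connection.
    return "direct"

def tunnel_mode(secured):
    """A secured route that covers every address means no split tunneling."""
    return "full" if any(net.prefixlen == 0 for net in secured) else "split"

# Constructed sample tables (assumptions for illustration only).
SPLIT = parse_routes([("10.20.0.0", "255.255.0.0")])       # only the company LAN is secured
FULL = parse_routes([("0.0.0.0", "0.0.0.0")])              # every destination is secured
LOCAL = parse_routes([("192.168.1.0", "255.255.255.0")])   # home LAN exclusion

def report(secured, local_lan, dests):
    """Map each destination to the path it would take."""
    return {d: path_for(d, secured, local_lan) for d in dests}

if __name__ == "__main__":
    dests = ["10.20.5.9", "192.168.1.50", "203.0.113.10"]
    for name, table in (("split", SPLIT), ("full", FULL)):
        print(name, tunnel_mode(table), report(table, LOCAL, dests))
```
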

    Author Comment


    "Local Lan Routes" is empty
    "Secured Routes" is and for Network and Subnet Mask.

    I suspect that someone modified it without logging it in the help desk log.

    I am not familiar with the server side.  What can I tell them to look at to confirm the setting on their end?


    Expert Comment

    1 of 2 things....

    1) If you were sending company info through IPSEC and Internet through your own connection, then your admin has to set up split tunneling where only the traffic bound for the company LAN is sent via IPsec.

    2) If your Internet traffic is sent via IPSEC as well whenever VPN is connected, then the VPN IP pool was removed from the outbound access list.

    If your admins back up code on a schedule, then all they need to do is run a quick compare of the show run against a saved config for the changes....
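
The compare suggested in the comment above, as an added example that is not part of the original thread: it diffs a saved config against the running one and keeps only the lines that bear on the two cases listed (split tunneling, VPN pool and access lists). It assumes a Cisco ASA-style head-end, which the thread does not confirm; both config snippets are constructed and the names in them are hypothetical.

```python
import difflib
import re

# Lines that decide whether VPN clients keep their own Internet path (case 1)
# or can reach the Internet through the head-end (case 2).
WATCH = re.compile(r"split-tunnel|access-list|ip local pool|\bnat\b")

def vpn_changes(saved, running):
    """Diff two configs; return (sign, line) for added/removed lines matching WATCH."""
    diff = list(difflib.unified_diff(saved.splitlines(), running.splitlines(),
                                     lineterm="", n=0))
    changes = []
    for line in diff[2:]:                 # skip the '---' / '+++' file headers
        if line.startswith("@@"):         # hunk position marker, not config text
            continue
        if WATCH.search(line[1:]):
            changes.append((line[0], line[1:].strip()))
    return changes

def split_tunnel_removed(changes):
    """True when the diff shows a split-tunnel setting was taken out."""
    return any(sign == "-" and "split-tunnel" in text for sign, text in changes)

# Constructed ASA-style snippets (assumption: not taken from the poster's network).
SAVED = """\
access-list SPLIT_ACL standard permit 10.20.0.0 255.255.0.0
ip local pool VPNPOOL 10.99.0.10-10.99.0.50 mask 255.255.255.0
group-policy REMOTE attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
"""
RUNNING = """\
access-list SPLIT_ACL standard permit 10.20.0.0 255.255.0.0
ip local pool VPNPOOL 10.99.0.10-10.99.0.50 mask 255.255.255.0
group-policy REMOTE attributes
 split-tunnel-policy tunnelall
"""

if __name__ == "__main__":
    for sign, text in vpn_changes(SAVED, RUNNING):
        print(sign, text)
    print("split tunneling removed:", split_tunnel_removed(vpn_changes(SAVED, RUNNING)))
```
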


    Author Comment


    I am confident that I was previously configured as your #1.  I never checked, but I would have noticed a major slow down as my Internet is much faster than theirs.

    I am sure they do backups, but I am not sure they will know what file to pull from backup in order to do the compare.  Can you give me your best guess as to what/where that file is?  I will pass that along to them.

    Expert Comment

    I would have no way of knowing how the backups are done... there's a hundred ways of backing this up.

    Using the built-in write net, the ASDM backup command, or the dozens of 3rd party utils like CatTools. Some are manual, some can be automated. The file names and locations of the backups are all up to the admin.


    Author Closing Comment

    The helpdesk did not respond to my request as to what they changed to get it to work, but I think it is safe to say they changed something that broke it. Probably with good intentions.
