Microsoft Virtual PC (VPC): Cannot Get VPN Passthrough from Host to Work

Good Morning Guys -

I need assistance with an issue I'm having with Microsoft Virtual PC (VPC), please.  Recently, we retired an old Virtual environment and for ~10 users we copied their VHD to their local PC, installed Microsoft VPC (they sll run Windows 7 x64 Ent), and build a new VM around it.  Once finished, the user could simply launch VPC to use the same VM they previously connected to via RDP.

Shortly after setting this up, we ran into a big issue.  Many of the users work from home and VPN in.  When connected to the VPN (using AnyConnect on their laptop which is VPC host) from home, their VPC couldn't contact any domain / work network resource.  For some reason, the VPN connection wasn't passing through.  Thinking it was an easy fix, I changed their VPC Virtual Network adapter to "Shared Network" (NAT), but that didn't work.  I then tried assigning each of the adapters possible to be assigned to the virtual NIC and still - none allowed passthrough.

My Issue / Question
How can I get VPN passthrough (from the host) to work for these VPC VMs?  Below are a few details about the environment plus what I've tried to get it working so far.

Environment Details
All VPC "host" systems are on Windows 7 x64 Enterprise and are or are close to being fully patched.  Each uses  Cisco AnyConnect Secure Mobility Client 3.1.03103 to connect to the VPN which by default allows LAN traffic when connected
The VPC version installed is the newest version as it was downloaded and installed on each within the past 2 weeks
All of the VPC "guest" VMs run Windows XP.  These OS's are hardly patched at all therefore don't support some things such as IPv6.  Integration tools has also been installed and is enabled on each

What I've Tried
I set up a laptop running our company image (Windows 7) then installed VPC and created a VM from one of the same XP VHDs one of the users is using.  I then connected the laptop to a test WiFi we have here which is a cable modem and a separate, outside network than our company one.  So far, I've tested the following:
Variety of Network Adapter Configurations:  I tried configuring VPC's virtual NICs using each possible choice provided - including "Shared Network" and the "Cisco AnyConnect" adapter which appeared whenever the VPN was connected.  Note: On the host side, the Cisco Adapter assigns an IPv4 address like /24.  When assigned to a VNIC, both the Shared and Cisco adapters provided the VPC with an IP in the same subnet - 192.168.131
IPv6 Configuration: I noticed that when connected to the VPN, the Cisco adapter on the host would be assigned a synamic IPv4 and IPv6 address.  Since I saw that the XP VPC didn't support IPv6, I tried disabling IPv6 on the host's Cisco Adapter.  Once I did, I lost the VPN connection and could not reconnect.  After a host restart, I found that the IPv6 adapter had automatically been re-enabled during boot

To Test Next
Before testing anymore, I wanted to make a couple of posts including this one.  However, below are the things I plan to test next unless I receive a reply soon
Install VPN Client directly onto VPC:  This is a last resort as users wouldn't like this and it would cause confusion for them.  I honestly don't know if it would work technically or as our VPN may only allow a user to connect via one systems at once
Patch VPC 100%: As mentioned, VPC runs XP and none of the users have one which is close to being fully patched.  Perhaps making XP compliant will fix the issue due to a past bug that was patched for this issue, additional IPv6 support, or even integration tool updates

So - That's about everything.  Do you have any suggestions or know what the issue is / how to resolve it?  Happy to try whatever and / or provide further detail if needed.  Thanks!!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

For your VPC VMs, the host network behaves like a switch to connect to the network. Imagine the host and VPC as two independent machines on the same network.  The VM does not get the VPN connection of the host. The straightforward thing to do is install the VPN client on the VMs.

Otherwise,  look at moving the VMs back to the office.
Benjamin Van DitmarsSr Network EngineerCommented:
i had the same problem with a vpn appliance running with esx. in esx there is an option. with allow to bind more then 1 mac address to an ip address. this is because youre vpn server is the gateway for youre vpn clients. and it's called promiscuous mode.

i found an article. maybe this helps
BzowKAuthor Commented:
Thanks Guys -

I got a similar response from the same post on Cisco's forums so have been trying to install the client inside of the VPC VM, but am having issues.  More about it here if you have ideas :)  Just post the answer here if you want as I'm monitoring this page, too and want to give credit.

As fasr as promiscuous mode, that would be great if it's an option - but - these VMs are set up locally using VPC.  Imagine the feature comparison between Hyper-V & SCVMM.  That's the difference between VPC & Hyper-V - just enough to get it to turn on basically.  Still, if you have an idea for how to get it to work, I'm up for it as I'd much prefer not to have the client on the VPCs.

The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

The post you have on the Cisco web site lends me to believe that you have an issue with AnyConnect. I haven't used it before, so I suggest contacting Cisco support for that. The AnyConnect client on the host SHOULD NOT allow traffic from the VM through the host VPN tunnel. That would break the integrity of the VPN to allow traffic from another machine through the tunnel.

So, from an architectural standpoint I believe that you need to install VPN client on the VM, move the VM back to the office, or you can give your remote users a site to site VPN device, such as the Aerohive BR100. They used to sell for $99 ea plus an annual subscription.
BzowKAuthor Commented:
After trying tons of things, the only thing I could get to work was a 3rd party client installed directly on the VM as AnyCOnnect wouldn't work.  Unfortunatly, it was against company policy.  Thanks guys

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BzowKAuthor Commented:
It was the only solution that worked
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Virtual Server

From novice to tech pro — start learning today.