
AnyConnect VPN Connection on Host Not Routing to Local Microsoft Virtual PC (VPC) VM

bkellermann1
Level 1

Good Morning Guys -

I need assistance with an issue I'm having with Microsoft Virtual PC (VPC), please. Recently, we retired an old Virtual environment and for ~10 users we copied their VHD to their local PC, installed Microsoft VPC (they all run Windows 7 x64 Ent), and built a new VM around it. Once finished, the user could simply launch VPC to use the same VM they previously connected to via RDP.

Shortly after setting this up, we ran into a big issue. Many of the users work from home and VPN in. When connected to the VPN (using AnyConnect on their laptop which is VPC host) from home, their VPC couldn't contact any domain / work network resource. For some reason, the VPN connection wasn't passing through. Thinking it was an easy fix, I changed their VPC Virtual Network adapter to "Shared Network" (NAT), but that didn't work. I then tried assigning each of the adapters possible to be assigned to the virtual NIC and still - none allowed passthrough.

My Issue / Question
How can I get VPN passthrough (from the host) to work for these VPC VMs? Below are a few details about the environment plus what I've tried to get it working so far.

Environment Details

  • All VPC "host" systems are on Windows 7 x64 Enterprise and are or are close to being fully patched. Each uses Cisco AnyConnect Secure Mobility Client 3.1.03103 to connect to the VPN which by default allows LAN traffic when connected
  • The VPC version installed is the newest version as it was downloaded and installed on each within the past 2 weeks
  • All of the VPC "guest" VMs run Windows XP. These OS's are hardly patched at all therefore don't support some things such as IPv6. Integration tools has also been installed and is enabled on each

What I've Tried
I set up a laptop running our company image (Windows 7) then installed VPC and created a VM from one of the same XP VHDs one of the users is using. I then connected the laptop to a test WiFi we have here which is a cable modem and a separate, outside network than our company one. So far, I've tested the following:

  • Variety of Network Adapter Configurations: I tried configuring VPC's virtual NICs using each possible choice provided - including "Shared Network" and the "Cisco AnyConnect" adapter which appeared whenever the VPN was connected. Note: On the host side, the Cisco Adapter assigns an IPv4 address like 192.168.245.241 /24. When assigned to a VNIC, both the Shared and Cisco adapters provided the VPC with an IP in the same subnet - 192.168.131
  • IPv6 Configuration: I noticed that when connected to the VPN, the Cisco adapter on the host would be assigned a dynamic IPv4 and IPv6 address. Since I saw that the XP VPC didn't support IPv6, I tried disabling IPv6 on the host's Cisco Adapter. Once I did, I lost the VPN connection and could not reconnect. After a host restart, I found that the IPv6 adapter had automatically been re-enabled during boot

To Test Next
Before testing any more, I wanted to make a couple of posts including this one. However, below are the things I plan to test next unless I receive a reply soon.

  • Install VPN Client directly onto VPC: This is a last resort as users wouldn't like this and it would cause confusion for them. I honestly don't know if it would work technically or as our VPN may only allow a user to connect via one system at once
  • Patch VPC 100%: As mentioned, VPC runs XP and none of the users have one which is close to being fully patched. Perhaps making XP compliant will fix the issue due to a past bug that was patched for this issue, additional IPv6 support, or even integration tool updates

So - That's about everything. Do you have any suggestions or know what the issue is / how to resolve it? Happy to try whatever and / or provide further detail if needed. Thanks!!

1 Reply

Install VPN Client directly onto VPC: This is a last resort as users wouldn't like this and it would cause confusion for them. I honestly don't know if it would work technically or as our VPN may only allow a user to connect via one system at once

Unfortunately, this is the only way around this issue. As you have noticed, when AnyConnect establishes a VPN connection, a virtual network adapter is created for that PC alone, and it only encrypts locally generated traffic. When you set up a VPC, that is by definition its own PC, and when you NAT to the host IP all you are doing is a "hide NAT". The traffic isn't seen as originating from the host but you are just hiding the VPC IP behind the host PC IP.

So again, you have to install the AnyConnect client on the VPC to get the desired result.

--

Please remember to select a correct answer and rate helpful posts
