03-02-2017 02:28 AM
Hi there,
We've got a problem in our company. We've been granted access to a VPN from a public institution to accomplish a piece of work, which demands a connection to a database. It was suggested that we use Cisco AnyConnect Secure Mobility Client, which we've got installed and configured properly.
Indeed, we're able to establish a connection to the VPN and connect to the desired database. Unfortunately, each time we connect to the VPN we lose connection to our LAN.
I know there is an option in Preferences called "Allow local (LAN) access when using VPN (if configured)", which I obviously have checked. But it doesn't work at all.
Why is it happening?
Hints:
Cisco AnyConnect Secure Mobility Client 4.1.08005
(Thu Mar 02 11:25:12 2017)Connection Information
State: Connected
Tunnel Mode (IPv4): Split Include
Tunnel Mode (IPv6): Drop All Traffic
Duration: 00:18:41
Address Information
Client (IPv4): 172.27.13.166
Client (IPv6): Not Available
Server: 80.245.0.49
Bytes
Sent: 221450
Received: 165562
Frames
Sent: 1146
Received: 1050
Control Frames
Sent: 75
Received: 38
Client Management
Administrative Domain: Undefined
Profile Name: sustituye.xml
Transport Information
Protocol: DTLS
Cipher: RSA_AES_128_SHA1
Compression: None
Proxy Address: No Proxy
Feature Configuration
FIPS Mode: Disabled
Trusted Network Detection: Disabled
Always On: Disabled
Secure Mobility Solution
Status: Unconfirmed
Appliance: Not Available
Cisco AnyConnect Secure Mobility Client 4.1.08005
(Thu Mar 02 11:26:06 2017)Non-Secured Routes (IPv4)
0.0.0.0/0
Cisco AnyConnect Secure Mobility Client 4.1.08005
(Thu Mar 02 11:27:01 2017)Secured Routes (IPv4)
172.20.8.0/24
172.27.0.0/16
172.31.0.0/16
192.168.0.0/16
80.245.0.13/32
80.245.0.15/32
172.30.43.0/24
80.245.2.110/32
80.245.2.91/32
10.0.0.0/8
172.20.8.55/32
172.27.2.86/32
(empty)
02/03/2017
10:41:11 Ready to connect.
11:06:23 Contacting Conexion Ltk.
11:06:30 User credentials entered.
11:06:30 Establishing VPN session...
11:06:31 The AnyConnect Downloader is performing update checks...
11:06:31 Checking for profile updates...
11:06:31 Checking for product updates...
11:06:31 Checking for customization updates...
11:06:31 Performing any required updates...
11:06:31 The AnyConnect Downloader updates have been completed.
11:06:31 Establishing VPN session...
11:06:31 Establishing VPN - Initiating connection...
11:06:32 Establishing VPN - Examining system...
11:06:32 Establishing VPN - Activating VPN adapter...
11:06:40 Establishing VPN - Configuring system...
11:06:41 Establishing VPN...
11:06:42 Connected to Conexion Ltk.
Any help will be appreciated, thank you.
03-02-2017 02:59 AM
On the VPN-Gateway is a Split-Tunnel-config that tells the client to route all traffic for 192.168.0.0/16 through the tunnel.
Ideally, the VPN-Gateway admin should change this config for your VPN to just include the network that you need and not the whole 192.168.0.0/16.
Or, quick and dirty: This is only local routing. After connecting to the VPN, you can delete the received route for 192.168.0.0/16 and replace it with a route to the needed system. You need local admin rights on your PC for that.
03-02-2017 03:07 AM
Thanks for your quick reply tehen.
First off I'd like to try the latter solution you gave to me (before contacting them). Where should I modify the route? I've got admin rights.
03-02-2017 03:13 AM
You have to do it in the local routing-table of your PC:
https://www.howtogeek.com/howto/windows/adding-a-tcpip-route-to-the-windows-routing-table/
You'll find many routes pointing to the VPN-adapter. The one for 192.168.0.0 is the problematic one that needs to be removed and you need a new one for the needed network pointing to the VPN-adapter.
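An added example, not part of the original thread: a Python check that takes the Secured Routes list from the question and shows which split-include prefix swallows a local LAN, and how narrowing that include on the gateway removes the overlap. The LAN prefix `192.168.1.0/24` and the database host `192.168.200.5` are assumptions, since the thread does not state either.

```python
import ipaddress

# Secured (split-include) routes copied from the AnyConnect statistics in the question.
SECURED_ROUTES = [
    "172.20.8.0/24", "172.27.0.0/16", "172.31.0.0/16", "192.168.0.0/16",
    "80.245.0.13/32", "80.245.0.15/32", "172.30.43.0/24", "80.245.2.110/32",
    "80.245.2.91/32", "10.0.0.0/8", "172.20.8.55/32", "172.27.2.86/32",
]


def overlapping_routes(local_lan, secured=SECURED_ROUTES):
    """Return the split-include routes whose address range overlaps the local LAN."""
    lan = ipaddress.ip_network(local_lan)
    return [r for r in secured if ipaddress.ip_network(r).overlaps(lan)]


def tunnelled_by(dest, secured=SECURED_ROUTES):
    """Most specific secured route covering dest, or None if dest stays off the tunnel."""
    ip = ipaddress.ip_address(dest)
    hits = [ipaddress.ip_network(r) for r in secured]
    hits = [n for n in hits if ip in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None


def narrowed(secured, broad, needed):
    """Model the gateway-side fix: swap one broad include for the prefix actually needed."""
    return [needed if r == broad else r for r in secured]


if __name__ == "__main__":
    lan = "192.168.1.0/24"     # assumed office LAN, not stated in the thread
    lan_host = "192.168.1.20"  # constructed host on that LAN
    db = "192.168.200.5/32"    # constructed placeholder for the needed system

    print("includes overlapping LAN:", overlapping_routes(lan))
    print("LAN host is covered by:", tunnelled_by(lan_host))

    fixed = narrowed(SECURED_ROUTES, "192.168.0.0/16", db)
    print("after narrowing, overlap:", overlapping_routes(lan, fixed))
    print("after narrowing, LAN host covered by:", tunnelled_by(lan_host, fixed))
```

Running the same check against `10.0.0.0/8` or the `172.x` includes shows whether a different office LAN numbering would hit the same problem.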
03-02-2017 03:15 AM
Thanks for your assistance, you meant at Windows level.