Could not access LAN when connected to VPN

Hi there,

We've got a problem in our company. We've been granted access to a VPN from a public institution to accomplish some work, which demands a connection to a database. We've been advised to use Cisco AnyConnect Secure Mobility Client, which we've got installed and configured properly.

Indeed, we're able to establish a connection to the VPN and connect to the desired database. Unfortunately, each time we connect to the VPN we lose connection to our LAN.

I know there is an option in Preferences called "Allow local (LAN) access when using VPN (if configured)", which I obviously have checked. But it doesn't work at all.

Why is it happening?

Hints:

  • Our LAN network is on 192.168.1.x and theirs seems to be on 192.168.32.17.
  • Statistics:

Cisco AnyConnect Secure Mobility Client 4.1.08005
(Thu Mar 02 11:25:12 2017)

Connection Information
State: Connected
Tunnel Mode (IPv4): Split Include
Tunnel Mode (IPv6): Drop All Traffic
Duration: 00:18:41
Address Information
Client (IPv4): 172.27.13.166
Client (IPv6): Not Available
Server: 80.245.0.49
Bytes
Sent: 221450
Received: 165562
Frames
Sent: 1146
Received: 1050
Control Frames
Sent: 75
Received: 38
Client Management
Administrative Domain: Undefined
Profile Name: sustituye.xml
Transport Information
Protocol: DTLS
Cipher: RSA_AES_128_SHA1
Compression: None
Proxy Address: No Proxy
Feature Configuration
FIPS Mode: Disabled
Trusted Network Detection: Disabled
Always On: Disabled
Secure Mobility Solution
Status: Unconfirmed
Appliance: Not Available

  • Route details
    • Non secured routes (ipv4)

Cisco AnyConnect Secure Mobility Client 4.1.08005
(Thu Mar 02 11:26:06 2017)

Non-Secured Routes (IPv4)
0.0.0.0/0

    • Secured routes (ipv4)

Cisco AnyConnect Secure Mobility Client 4.1.08005
(Thu Mar 02 11:27:01 2017)

Secured Routes (IPv4)
172.20.8.0/24
172.27.0.0/16
172.31.0.0/16
192.168.0.0/16
80.245.0.13/32
80.245.0.15/32
172.30.43.0/24
80.245.2.110/32
80.245.2.91/32
10.0.0.0/8
172.20.8.55/32
172.27.2.86/32

  • Firewall

(empty)

  • Message history

02/03/2017
10:41:11 Ready to connect.
11:06:23 Contacting Conexion Ltk.
11:06:30 User credentials entered.
11:06:30 Establishing VPN session...
11:06:31 The AnyConnect Downloader is performing update checks...
11:06:31 Checking for profile updates...
11:06:31 Checking for product updates...
11:06:31 Checking for customization updates...
11:06:31 Performing any required updates...
11:06:31 The AnyConnect Downloader updates have been completed.
11:06:31 Establishing VPN session...
11:06:31 Establishing VPN - Initiating connection...
11:06:32 Establishing VPN - Examining system...
11:06:32 Establishing VPN - Activating VPN adapter...
11:06:40 Establishing VPN - Configuring system...
11:06:41 Establishing VPN...
11:06:42 Connected to Conexion Ltk.

Any help will be appreciated, thank you.

Accepted Solutions

On the VPN-Gateway is a Split-Tunnel-config that tells the client to route all traffic for 192.168.0.0/16 through the tunnel.

Ideally, the VPN-Gateway admin should change this config for your VPN to just include the network that you need and not the whole 192.168.0.0/16.

Or, quick and dirty: This is only local routing. After connecting to the VPN, you can delete the received route for 192.168.0.0/16 and replace it with a route to the needed system. You need local admin rights on your PC for that.

Thanks for your quick reply tehen

First off I'd like to try the latter solution you gave to me (before contacting them). Where should I modify the route? I've got admin rights.

You have to do it in the local routing-table of your PC:

https://www.howtogeek.com/howto/windows/adding-a-tcpip-route-to-the-windows-routing-table/

You'll find many routes pointing to the VPN-adapter. The one for 192.168.0.0 is the problematic one that needs to be removed and you need a new one for the needed network pointing to the VPN-adapter.
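
The route swap described in this thread, as an added example that is not part of the original posts. It assumes an elevated PowerShell session on Windows 8 or later with the VPN already connected, and that 192.168.32.17 (the address from the question's hints) is the only system needed through the tunnel.

```powershell
# Added example, not from the thread. Run elevated, after the VPN is connected.
$broadPrefix = '192.168.0.0/16'     # secured route from the thread that also covers the LAN
$neededHost  = '192.168.32.17/32'   # assumed target system; replace with the one you need

# Capture the route received from the gateway so the new route reuses
# the same VPN adapter and next hop.
$broad = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix $broadPrefix `
             -ErrorAction SilentlyContinue | Select-Object -First 1
if (-not $broad) { throw "No route for $broadPrefix found. Is the VPN connected?" }

# Add the narrow route first so the needed system stays reachable throughout.
# ActiveStore keeps the change out of the persistent store (gone after a reboot).
$existing = Get-NetRoute -DestinationPrefix $neededHost `
                -InterfaceIndex $broad.InterfaceIndex -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetRoute -DestinationPrefix $neededHost `
                 -InterfaceIndex $broad.InterfaceIndex `
                 -NextHop $broad.NextHop `
                 -RouteMetric $broad.RouteMetric `
                 -PolicyStore ActiveStore | Out-Null
}

# Remove only the broad route that points at the VPN adapter.
$broad | Remove-NetRoute -Confirm:$false

# Check the result: the /16 should be gone, the /32 should point at the VPN
# adapter, and the LAN prefix (192.168.1.x) should sit on the physical adapter.
if (Get-NetRoute -DestinationPrefix $broadPrefix -ErrorAction SilentlyContinue) {
    Write-Warning "$broadPrefix is still present; the change did not stick."
}
Get-NetRoute -AddressFamily IPv4 |
    Where-Object { $_.DestinationPrefix -like '192.168.*' } |
    Sort-Object InterfaceIndex, DestinationPrefix |
    Format-Table DestinationPrefix, NextHop, InterfaceAlias, RouteMetric
```

The client receives the 192.168.0.0/16 route from the gateway on every connection, so the swap has to be repeated after each reconnect; narrowing the split-tunnel list on the gateway remains the lasting fix.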

Thanks for your assistance, you meant at Windows level.