Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2896
Views
0
Helpful
3
Replies

VPN Client Drop Host Internet Connection - 2012 Server

tr0users12
Level 1
Level 1

‎02-05-2013 07:29 AM

Hi

I am running Windows Server 2012 Standard on a VM (VMWare Player 8), on a Win 7 Ultimate host.

My VM is using a NAT configuration to provide internetg access from the host. This works fine until I connect to my employer's network using the Cisco VPN Client version 5.0.07.0440 (running on the win2012 VM). Although I then get access to my employers network I loose internet access on my VM.

Could any please tell me how I can prevent the internet connection from being dropped?

Thanks

Rob.

Labels:
0 Helpful
3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

‎02-05-2013 08:17 AM

Hi,

I would seem to me that if you are using a Cisco VPN Client (AnyConnect or old IPsec client) to your company network and loose internet connectivity that the reason for this is that the VPN Client connections is configured as "Full Tunnel" and the configurations on the VPN device are done so that it doesnt allow the traffic to Internet but only to the company network.

When you have the VPN Client connection active, try to open the Statistics or Advanced menu (depending on the Client software) and find the routing section of the that window. If the Client says something like "0.0.0.0 0.0.0.0" it means that all traffic from the VPN Client computer is forwarded to the VPN connection and no traffic heads out of your local Internet connection.

For Internet connections to work at the same time, either the VPN Client profile configurations need to be changed at the central site to allow connectivity to the Internet or the VPN Client connection type needs to be changed to "Split Tunnel" which would only forward traffic destined to your company network to the VPN and rest would use your local Internet connection.

Hopefully I made any sense

- Jouni

0 Helpful

tr0users12
Level 1
Level 1
In response to Jouni Forss

‎02-05-2013 11:06 AM

Hi Jouni, thank you for your reply.

When I view the "Route Details" table of the VPN client I can see that "Lacal LAN Routes" pane is blank. The "Secured Routes" pane lists one entry: Network=0.0.0.0 Subnet Mask=0.0.0.0.

Is there any change I can make that client to enable concurrent internet access from the VM, or is this something that must be done by the central VPN administrator?

Thanks, Rob.

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to tr0users12

‎02-05-2013 11:20 AM

Hi,

So seems the VPN Client connection you are using is "Full Tunnel" type. This means all traffic will get forwarded to the central/company site.

So enable Internet traffic while using the VPN Client connection you will need to either

  • Get the company to allow Internet access through the VPN Client connection
  • Change the VPN Client connection type to "Split Tunnel" where only the needed traffic is forwarded to the company network and rest bypass the VPN Client connection

I dont think there is much chances to accomplish this otherwise. The central side devices the VPN policy

Even though not a solution, in my work laptop I use a separate Virtual XP machine to sometimes initiate VPN Client connections which leaves my actual computer free to connect as it wants. Though this is mostly used by me to test VPN Connections and troubleshoot customer VPN problems.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents