cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2861
Views
0
Helpful
3
Replies

VPN client on Windows 7 cannot access Remote access

s.aliyarukunju
Level 1
Level 1

Dear Support,

Recently i have received one of my collegue's laptop that is running windows 7.I have installed cisco VPN client version 5.0.07.0290 on it and  VPN client appears to connect to our ASA5540, but we are unable to connect (remote desktop) to any machines on our network as it does on our XP laptops.  Furthermore, we cannot ping any as well.  Also, while connected the Windows 7 machine is still able to access internet site as if split-tunneling was configured, which its not.

But after some searching , i found from "routeprint" output (shown below ) that my local internet gateway is prefered over the VPN gateway which is 10.10.4.1.Here 10.10.4.19 is the IP address assigned for VPN adaptor.

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0                    0.0.0.0      192.168.1.1      192.168.1.2     25
          0.0.0.0                    0.0.0.0        10.10.4.1       10.10.4.19    100

But after i manually add the below route on windows 7 laptop , it started connecting to remote desktop successfully.

route change 0.0.0.0 mask 0.0.0.0 10.10.4.1 metric 20

But aftersome time of idle state , it is again going back to original route state of prefering the local gateway of 192.168.1.2 and thus unable to connect to Remote Desktop again.

Could you please have a look on this scenario and your help & support on this issue is highly appreciated as our employees are started using / upgrading  to Windows 7 32/64 bit OS on their laptops.

Thanks

shiji

3 Replies 3

Hi,

Questions...
Is it showing the VPN connected on the client but it just prefers the local gateway by default?
And this happens only to all windows 7 machines?

It seems that the VPN connects, but since the client prefers the local gateway, it sends all traffic
in clear text (not encrypting any packets), once you change the metric for the route, the client
prefers the tunnel, and there's no Internet anymore correct?

The default behavior is that the client should send everything through the tunnel when there's no split-tunneling.

Can you confirm that the VPN shows connected?

Federico.

Hi Fedrico,

Many thanks for your reply.

Please find the below answers in bold.

Is it showing the VPN connected on the client but it just prefers the local gateway by default?

Yes , the VPN client is showing successfully connected and assiging with the ip address range of 10.10.4.X

And this happens only to all windows 7 machines?

Yes , this happened only for windows 7 and i have tested serveral times with windows XP from the same internet connection and XP works fine.

Best Regards

shiji

Herbert Baerten
Cisco Employee
Cisco Employee

s.aliyarukunju wrote:

the Windows 7 machine is still able to access internet site as if split-tunneling was configured, which its not.

Just to be sure: is split-tunneling really completely disabled, or is it enabled with a split-tunnel-list that includes "ip any any" ?

If it is the latter, disable split-tunnel instead.

Herbert