Solved: Re: vpn routing issues...

eric · ‎10-15-2012

Here is my issue, with any luck someone can help...

I am using the Cisco client to establish a connection with a client. Once the connection is established I can no longer browse my local network. Below is the ipconfig results for both the local adapter and the VPN adapter.

Any help would be greatly appreciated.

Windows IP Configuration

Host Name . . . . . . . . . . . . : nvcadmin06

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-18-8B-00-5C-B1

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.20.0.5

Subnet Mask . . . . . . . . . . . : 255.0.0.0

Default Gateway . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 10.0.0.1

208.67.222.222

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Cisco Systems VPN Adapter

Physical Address. . . . . . . . . : 00-05-9A-3C-78-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.10.10.197

Subnet Mask . . . . . . . . . . . : 255.0.0.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 192.168.2.19

Thank you in advance.

Javier Portuguez · ‎10-16-2012

Hi Eric,

Unfortunately no, this is controlled by the VPN server.

You may try to change the routing on your machine with static routes, but this is not supported, since it is considered a security risk.

I would recommend to you to contact the remote administrator and explain that you need "split-tunneling" instead of "tunnelall".

Thanks.

Portu.

Please rate any helpful posts

View solution in original post

Javier Portuguez · ‎10-16-2012

Eric,

I appreciate your understanding.

Please mark this post as answered.

Have a nice day.

View solution in original post

Javier Portuguez · ‎10-15-2012

Hi Eric,

According to your output you are tunneling all the traffic across the tunnel, since there is no default-gateway defined under the VPN adapter stats.

Please check this out and let me know:

ASA 8.x : Allow Split Tunneling for AnyConnect VPN Client on the ASA Configuration Example

* This also applies for the Cisco IPsec VPN client.

I hope to help.

Portu.

Please rate any helpful posts

eric · ‎10-16-2012

Thanks for the quick response. You are correct about all traffic going through the tunnel, and that is where I'm stuck. Unfortunately the vpn we are connecting to is a client of ours and we are unable to make any changes to their configuration. Are there any other options at this point?

Thanks!

Javier Portuguez · ‎10-16-2012

Hi Eric,

Unfortunately no, this is controlled by the VPN server.

You may try to change the routing on your machine with static routes, but this is not supported, since it is considered a security risk.

I would recommend to you to contact the remote administrator and explain that you need "split-tunneling" instead of "tunnelall".

Thanks.

Portu.

Please rate any helpful posts

eric · ‎10-16-2012

I thought you might say that. While not what I was hoping to hear, I certainly appreciate your help.

Thanks,

Eric

Javier Portuguez · ‎10-16-2012

Eric,

I appreciate your understanding.

Please mark this post as answered.

Have a nice day.