Cisco VPN Routing

Hi!

I use VPN to connect to my campus network to access an online library and a news-server. I only want the traffic bound for my university subnet to go through the VPN connection and the rest to go through my home router.

The client I'm using, and my university recommends, is Cisco VPN: version 4.8.01.0300. My OS is Windows XP.

So far I've tried to check "Allow local LAN access" in the Cisco VPN client menus. Then I used the "route" command to remove the VPN default gateway; after that I added a route for the university subnet and then added a default gateway, which is my home router.

These are the steps I took:

Logon to VPN server

# Delete default route
route delete 0.0.0.0

# Add the route to campus subnet.
route add xxx.xxx.0.0 mask 255.255.0.0 if 0x50004

# Add default route
route add 0.0.0.0 mask 0.0.0.0 if 0x2

After these steps the route to the campus subnet works and I can connect to all IPs on that subnet, however the default route does not work even though I can ping . An identical route works fine when VPN is not active.

I have been unsuccessful in locating relevant information on the web and I therefore post in this newsgroup.

Vegar

Reply to
Vegar

Hi,

No experience of the Cisco client, but I know some of these can disable this sort of feature. Tried a tracert to an internet IP address? Perhaps it's just DNS that's screwed by obtaining these from the Uni. It may well be barred to stop your PC acting as a path into the Uni network from the internet.

simon.

Reply to
Simon

The Cisco VPN client can get sent a "policy" as part of the connection to the server - this can enforce the rules.

It comes from the server, so a local Internet access config will only help if the server sends a policy that allows it.

Try asking whoever runs the server how it is set up.

Look at the docs for the VPN 3000 series servers.

Reply to
stephen

Hi, and thanks for replying.

There is an open source client for Linux which is able to connect to the campus VPN concentrator. Here's a link:

Almost the exact same steps I listed in my first post work with this client. The client is however not available for Windows.

Simon:

There's no problem with DNS and a tracert gives nothing; it seems like everything not headed to the campus subnet never leaves the Cisco VPN client computer.

Stephen:

So the Cisco VPN client either overrides the routing table or has some kind of firewall?

I have sent a mail to the university support group with a reference to this discussion.

Reply to
vneshaug

You cannot modify the routes when the VPN client is active. The VPN client's Virtual Adapter keeps a tab on the routing of the local system and will not let you modify the routes since it is a security breach.

Try adding another NIC on the system and keep it as the default gateway. So when you are trying to go to the univ. campus you use NIC 1 and when you are trying to go to the local LAN you use NIC 2.

Expect some hiccups with two NICs and the VPN client (not very grave) as the Cisco VPN client is not designed to work with two NICs.

Regards,
Vikas

Reply to
Vikas
