I have access to a corporate VPN using Cisco VPN Client 5.0.00:0340, but when I'm connected to it, I don't have Internet access. I'm using Windows XP SP3. As was suggested here, http://forums.speedguide.net/showthread.php?t=209167 , I tried to enable "Allow local LAN Access" but it doesn't work. I also tried a second solution – deleting an entry using the "route" command, but it didn't help. I used "route delete 192.168.100.222". It's the third day of my attempts to solve this issue and I don't have an idea what else to do. I'm not very experienced in VPN stuff, but I know something about networking. Based on my knowledge, I think that it's theoretically possible to achieve Internet access using my local network and only corporate stuff to be routed using the VPN connection.
I think that theoretically this should look like this:
- every IP inside the corporation -> VPN interface IP
- every other IP -> my ethernet interface
I've tried many possibilities of how to change those routes, but none of them work. I'd really appreciate any help.
My route configuration before connecting to VPN:
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 c0 a8 de 79 01 ...... Atheros AR5006EG Wireless Network Adapter - Teefer2 Miniport
0x10005 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Card
0x160003 ...00 17 42 31 0e 16 ...... Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller - Teefer2 Miniport
===========================================================================
===========================================================================
Active routes:
Network Destination Netmask Gateway Interface Metrics
0.0.0.0 0.0.0.0 192.168.101.254 192.168.100.222 10
10.0.0.0 255.255.255.0 10.0.0.10 10.0.0.10 30
10.0.0.10 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.254.0 192.168.100.222 192.168.100.222 1
192.168.100.222 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.100.255 255.255.255.255 192.168.100.222 192.168.100.222 1
224.0.0.0 240.0.0.0 10.0.0.10 10.0.0.10 3
224.0.0.0 240.0.0.0 192.168.100.222 192.168.100.222 1
255.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 1
255.255.255.255 255.255.255.255 192.168.100.222 192.168.100.222 1
255.255.255.255 255.255.255.255 192.168.100.222 2 1
Default gateway: 192.168.101.254.
===========================================================================
My route configuration after connecting to the VPN:
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 c0 a8 de 79 01 ...... Atheros AR5006EG Wireless Network Adapter - Teefer2 Miniport
0x10005 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Card
0x160003 ...00 17 42 31 0e 16 ...... Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller - Teefer2 Miniport
0x170006 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Teefer2 Miniport
===========================================================================
===========================================================================
Active routes:
Network Destination Netmask Gateway Interface Metrics
0.0.0.0 0.0.0.0 10.251.6.1 10.251.6.51 1
10.0.0.0 255.255.255.0 10.0.0.10 10.0.0.10 30
10.0.0.0 255.255.255.0 10.251.6.1 10.251.6.51 10
10.0.0.10 255.255.255.255 127.0.0.1 127.0.0.1 30
10.1.150.10 255.255.255.255 192.168.101.254 192.168.100.222 1
10.251.6.0 255.255.255.0 10.251.6.51 10.251.6.51 20
10.251.6.51 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 30
10.255.255.255 255.255.255.255 10.251.6.51 10.251.6.51 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.254.0 192.168.100.222 192.168.100.222 10
192.168.100.0 255.255.254.0 10.251.6.1 10.251.6.51 10
192.168.100.222 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.100.255 255.255.255.255 192.168.100.222 192.168.100.222 10
213.158.197.124 255.255.255.255 192.168.101.254 192.168.100.222 1
224.0.0.0 240.0.0.0 10.0.0.10 10.0.0.10 30
224.0.0.0 240.0.0.0 10.251.6.51 10.251.6.51 20
224.0.0.0 240.0.0.0 192.168.100.222 192.168.100.222 10
255.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 1
255.255.255.255 255.255.255.255 10.251.6.51 10.251.6.51 1
255.255.255.255 255.255.255.255 192.168.100.222 192.168.100.222 1
255.255.255.255 255.255.255.255 192.168.100.222 2 1
Default gateway: 10.251.6.1.
===========================================================================
Update:
@ggonsalv:
I did nearly the same thing as you've said. First I deleted the "0.0.0.0" rule that was there during the VPN connection. And then I used your command, but with "if ethernet_card_id" at the end.
route add 0.0.0.0 mask 0.0.0.0 192.168.101.254 metric 1 if 0x3
That didn't work. What gives me a headache is how the hell the traffic is routed to the internal corporate network now. Routing is now set to route everything to my local network, not the VPN. When I type "google.com" in my browser, sniffer shows me that the DNS query goes to VPN DNS=10.22.20.1 which is defined as DNS address of VPN connection. I even changed DNS address in there to my local, now queries are with that address but I don't get any response. How is that even possible?! I'm not an expert at all and I just don't get it. Now my routing table looks like this (IP inside VPN changes between connections):
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 c0 a8 de 79 01 ...... Atheros AR5006EG Wireless Network Adapter - Teefer2 Miniport
0x3 ...00 17 42 31 0e 16 ...... Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller - Teefer2 Miniport
0x10005 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Card
0x20006 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Teefer2 Miniport
===========================================================================
===========================================================================
Active routes:
Network Destination Netmask Gateway Interface Metrics
0.0.0.0 0.0.0.0 192.168.101.254 192.168.100.222 1
10.0.0.0 255.255.255.0 10.0.0.10 10.0.0.10 30
10.0.0.0 255.255.255.0 10.251.6.1 10.251.6.144 20
10.0.0.10 255.255.255.255 127.0.0.1 127.0.0.1 30
10.1.150.10 255.255.255.255 192.168.101.254 192.168.100.222 1
10.251.6.0 255.255.255.0 10.251.6.144 10.251.6.144 20
10.251.6.144 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 30
10.255.255.255 255.255.255.255 10.251.6.144 10.251.6.144 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.100.0 255.255.254.0 192.168.100.222 192.168.100.222 20
192.168.100.0 255.255.254.0 10.251.6.1 10.251.6.144 20
192.168.100.222 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.100.255 255.255.255.255 192.168.100.222 192.168.100.222 20
213.158.197.124 255.255.255.255 192.168.101.254 192.168.100.222 1
224.0.0.0 240.0.0.0 10.0.0.10 10.0.0.10 30
224.0.0.0 240.0.0.0 10.251.6.144 10.251.6.144 20
224.0.0.0 240.0.0.0 192.168.100.222 192.168.100.222 20
255.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 1
255.255.255.255 255.255.255.255 10.251.6.144 10.251.6.144 1
255.255.255.255 255.255.255.255 192.168.100.222 192.168.100.222 1
255.255.255.255 255.255.255.255 192.168.100.222 2 1
Default gateway: 192.168.101.254.
===========================================================================
I even deleted this line and it didn't help:
192.168.100.0 255.255.254.0 10.251.6.1 10.251.6.144 20
Best Answer
Not sure on the Cisco setup, because we use WatchGuard. However, when setting up a new VPN account I have a checkbox that says forward all traffic from user over VPN. If this is checked, all network traffic from the user is forced through the VPN. This is set up on the gateway device, not on the user's system. I don't know if it is the same with Cisco, but I would assume it is similar.
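Added example, not part of the original question or answer: a small Python check that applies longest-prefix matching to rows from the routing tables posted above and reports whether the default route leaves through the VPN adapter (full tunnel) or the local adapter (split tunnel). The function names and the destination 198.51.100.7 (a documentation-range address standing in for "some Internet host") are assumptions made for illustration.

```python
import ipaddress

# Subset of unicast rows copied from this page's tables (destination, netmask,
# gateway, interface, metric); loopback, multicast and broadcast rows left out.
CONNECTED = """\
0.0.0.0 0.0.0.0 10.251.6.1 10.251.6.51 1
10.0.0.0 255.255.255.0 10.0.0.10 10.0.0.10 30
10.0.0.0 255.255.255.0 10.251.6.1 10.251.6.51 10
10.1.150.10 255.255.255.255 192.168.101.254 192.168.100.222 1
10.251.6.0 255.255.255.0 10.251.6.51 10.251.6.51 20
192.168.100.0 255.255.254.0 192.168.100.222 192.168.100.222 10
213.158.197.124 255.255.255.255 192.168.101.254 192.168.100.222 1
"""
# Same subset from the table in the "Update", after the default route was replaced.
MODIFIED = """\
0.0.0.0 0.0.0.0 192.168.101.254 192.168.100.222 1
10.0.0.0 255.255.255.0 10.0.0.10 10.0.0.10 30
10.0.0.0 255.255.255.0 10.251.6.1 10.251.6.144 20
10.1.150.10 255.255.255.255 192.168.101.254 192.168.100.222 1
10.251.6.0 255.255.255.0 10.251.6.144 10.251.6.144 20
192.168.100.0 255.255.254.0 192.168.100.222 192.168.100.222 20
213.158.197.124 255.255.255.255 192.168.101.254 192.168.100.222 1
"""

def parse_routes(text):
    """Parse rows into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        dest, mask, gw, iface, metric = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, iface, int(metric)))
    return routes

def lookup(routes, dst):
    """Longest prefix wins; lower metric breaks ties. Returns (gateway, interface)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return best[1], best[2]

def tunnel_mode(routes, vpn_iface):
    """'full' when the preferred default route leaves via the VPN adapter, else 'split'."""
    best = min((r for r in routes if r[0].prefixlen == 0), key=lambda r: r[3])
    return "full" if best[2] == vpn_iface else "split"

if __name__ == "__main__":
    for table, vpn in ((CONNECTED, "10.251.6.51"), (MODIFIED, "10.251.6.144")):
        r = parse_routes(table)
        print(tunnel_mode(r, vpn), lookup(r, "198.51.100.7"))
```

The verdict describes only what the OS routing table would do: the "Update" table evaluates as split, yet the asker still had no Internet access, which fits the answer's point that forcing all traffic through the VPN is a setting on the gateway device rather than on the user's system.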