Cisco VPN Routing (VPN newsgroup archive, December 2006)

Hi!
I use VPN to connect to my campus network to access an online library
and a news-server. I only want the traffic bound for my university
subnet to go through the VPN connection and the rest to go through my
home router.
The client I'm using, and my university recommends, is Cisco VPN:
version 4.8.01.0300. My OS is Windows XP.
So far I've tried to check the Allow local LAN access in the Cisco VPN
client menus, then I used the "route" command to remove the VPN default
gateway, after that I added a route for the university subnet and then
added a default gateway which is my home router.
These are the steps I took:
Logon to VPN server
# Delete default route
route delete 0.0.0.0
# Add the route to campus subnet.
route add xxx.xxx.0.0 mask 255.255.0.0 <assigned VPN ip> if 0x50004
# Add default route
route add 0.0.0.0 mask 0.0.0.0 <home router ip> if 0x2
After these steps the route to the campus subnet works and I can connect
to all IPs on that subnet, however the default route does not work even
though I can ping <home router ip>. An identical route works fine when
VPN is not active.
I have been unsuccessful in locating relevant information on the web and
I therefore post in this newsgroup.
Vegar
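
An added example, not part of the original post: a small parser for Windows `route print` output that applies longest-prefix match (lowest metric on ties) to show which gateway and interface a destination would use under the table described above. The sample table and every address in it are constructed stand-ins for the post's placeholders.

```python
import ipaddress

# Constructed `route print` excerpt (Windows XP layout). Assumed values:
# campus 172.16.0.0/16, assigned VPN IP 172.16.40.7, home router 192.168.1.1,
# home LAN address of the PC 192.168.1.100.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.16.0.0      255.255.0.0      172.16.40.7     172.16.40.7       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100      20
Default Gateway:       192.168.1.1
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # headers, separators, "Default Gateway:" line
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # five words that are not a route row
    return routes

def select_route(routes, dest):
    """Longest matching prefix wins; ties go to the lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]))

def egress(text, dest):
    """Return (gateway, interface) chosen for dest, or None if no route."""
    route = select_route(parse_routes(text), dest)
    return None if route is None else (route[1], route[2])

if __name__ == "__main__":
    for target in ("172.16.9.20", "203.0.113.10"):
        print(target, "->", egress(SAMPLE, target))
```

If the selected route for an internet address is the home router and packets still do not leave the machine, the routing table is not what is blocking them.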

Vegar wrote:
> Hi!
>
> I use VPN to connect to my campus network to access an online library
> and a news-server. I only want the traffic bound for my university
> subnet to go through the VPN connection and the rest to go through my
> home router.
>
> The client I'm using, and my university recommends, is Cisco VPN:
> version 4.8.01.0300. My OS is Windows XP.
>
> So far I've tried to check the Allow local LAN access in the Cisco VPN
> client menus, then I used the "route" command to remove the VPN default
> gateway, after that I added a route for the university subnet and then
> added a default gateway which is my home router.
>
> These are the steps I took:
> Logon to VPN server
> # Delete default route
> route delete 0.0.0.0
> # Add the route to campus subnet.
> route add xxx.xxx.0.0 mask 255.255.0.0 <assigned VPN ip> if 0x50004
> # Add default route
> route add 0.0.0.0 mask 0.0.0.0 <home router ip> if 0x2
>
> After these steps the route to the campus subnet works and I can connect
> to all IPs on that subnet, however the default route does not work even
> though I can ping <home router ip>. An identical route works fine when
> VPN is not active.
>
> I have been unsuccessful in locating relevant information on the web and
> I therefore post in this newsgroup.
>
> Vegar
Hi,
No experience of the Cisco client, but I know some of these can disable
this sort of feature.
Tried a tracert to an internet IP address? Perhaps it's just DNS that's
screwed by obtaining these from the Uni.
It may well be barred to stop your PC acting as a path into the Uni
network from the internet.
simon.

stephen 2006-11-27, 7:14 pm
"Vegar" <vneshaug@gmail.com> wrote in message
news:ekc70i$e8u$1@orkan.itea.ntnu.no...
> Hi!
>
> I use VPN to connect to my campus network to access an online library
> and a news-server. I only want the traffic bound for my university
> subnet to go through the VPN connection and the rest to go through my
> home router.
>
> The client I'm using, and my university recommends, is Cisco VPN:
> version 4.8.01.0300. My OS is Windows XP.
>
> So far I've tried to check the Allow local LAN access in the Cisco VPN
> client menus, then I used the "route" command to remove the VPN default
> gateway, after that I added a route for the university subnet and then
> added a default gateway which is my home router.
The Cisco VPN client can get sent a "policy" as part of the connection to
the server - this can enforce the rules.
It comes from the server, so a local Internet access config will only help
if the server sends a policy that allows it.
>
> These are the steps I took:
> Logon to VPN server
> # Delete default route
> route delete 0.0.0.0
> # Add the route to campus subnet.
> route add xxx.xxx.0.0 mask 255.255.0.0 <assigned VPN ip> if 0x50004
> # Add default route
> route add 0.0.0.0 mask 0.0.0.0 <home router ip> if 0x2
>
> After these steps the route to the campus subnet works and I can connect
> to all IPs on that subnet, however the default route does not work even
> though I can ping <home router ip>. An identical route works fine when
> VPN is not active.
Try asking whoever runs the server how it is set up.
>
> I have been unsuccessful in locating relevant information on the web and
> I therefore post in this newsgroup.
Look at the docs for the VPN 3000 series servers.
>
> Vegar
--
Regards
stephen_hope@xyzworld.com - replace xyz with ntl

vneshaug@gmail.com 2006-11-29, 7:14 am
Hi, and thanks for replying.
There is an Open Source client for Linux which is able to connect to
the campus VPN concentrator. Here's a link:
http://www.unix-ag.uni-kl.de/~massar/vpnc/
Almost the exact same steps I listed in my first post work with this
client. The client is however not available for Windows.
Simon:
There's no problem with DNS and a tracert gives nothing, it seems like
everything not headed to the campus subnet never leaves the Cisco VPN
client computer.
Stephen:
So the Cisco VPN client either overrides the routing table or has some
kind of firewall?
I have sent a mail to the university support group with a reference to
this discussion.

Vegar wrote:
> Hi!
>
> I use VPN to connect to my campus network to access an online library
> and a news-server. I only want the traffic bound for my university
> subnet to go through the VPN connection and the rest to go through my
> home router.
>
> The client I'm using, and my university recommends, is Cisco VPN:
> version 4.8.01.0300. My OS is Windows XP.
>
> So far I've tried to check the Allow local LAN access in the Cisco VPN
> client menus, then I used the "route" command to remove the VPN default
> gateway, after that I added a route for the university subnet and then
> added a default gateway which is my home router.
>
> These are the steps I took:
> Logon to VPN server
> # Delete default route
> route delete 0.0.0.0
> # Add the route to campus subnet.
> route add xxx.xxx.0.0 mask 255.255.0.0 <assigned VPN ip> if 0x50004
> # Add default route
> route add 0.0.0.0 mask 0.0.0.0 <home router ip> if 0x2
>
> After these steps the route to the campus subnet works and I can connect
> to all IPs on that subnet, however the default route does not work even
> though I can ping <home router ip>. An identical route works fine when
> VPN is not active.
>
> I have been unsuccessful in locating relevant information on the web and
> I therefore post in this newsgroup.
>
> Vegar
You cannot modify the routes when the VPN client is active. The VPN
client's Virtual Adapter keeps tabs on the routing of the local system
and will not let you modify the routes since it is a security breach.
Try adding another NIC on the system and keep it as the default gateway.
So when you are trying to go to the univ. campus you use NIC 1 and when
you are trying to go to local LAN you use NIC 2.
Expect some hiccups with two NICs and VPN client (not very grave) as the
Cisco VPN client is not designed to work with two NICs.
Regards
Vikas