dual NICs connection associated with VPN

anitakuang · ‎12-14-2007

Hi guys,

I am a newbie to Cisco routers. Currently, I have a work station (PC1 ) with dual network cards. One is pointing to the Cisco router with DSL+ VPN. The other one is connecting our intranet using switch.

Here is the basic diagram:

/ 1ts NIC -----> Cisco Router ---> Internet ---> Laptop with VPN client

PC1

\ 2nd NIC

|

Switch

|

PC2 PC3

1NC: 10.0.0.1/24 gw: 10.0.0.138

2NC: 192.168.1.1/24 gw:192.168.1.240

PC2: 192.168.1.2/24

PC3: 192.168.1.3/24

VPN client: 192.168.254.0/24

At this stage, remote users can access PC1 via VPN,no problem at all. It turned out that my laptop can ping 10.0.0.0 subnet but not 192.168.1.0 subnet.

On the local network, PC1 can ping PC2 and PC3.However, not vice versa. I suspected PC2 and PC3 needed a static route added to establish the connection with PC1.

After adding a static route on PC2,

"route add 10.0.0.0 mask 255.255.255.0 192.168.1.240"

it still can not talk to PC1.

On the other hand, I added a static route on the cisco router as well, which is

"ip route 192.168.1.0 255.255.255.0 192.168.254.254"

My question is how to enable VPN client talk to 2nd NIC for internal network.

Any help would be highly appreciated.

Cheers

Anita

ebreniz · ‎12-21-2007

The VPN client is not supported with more than one interface activated at the same time. In your scenario, the supported method would be to disable one of the interfaces.

I am not aware that there is any way to tell which interface would be used unless you placed a sniffer on the line and looked to see which interface was being used.

kaachary · ‎12-25-2007

This is what you need :

1: On Router, include 192.168.1.0 network in split tunnel for vpn clients.

2: Add a static route on PC2 and PC3

route add 192.168.254.0 mask 255.255.255.0 192.168.1.1

That should do it. If not, then do a tracert from vpn client to PC2 or PC3 and see where is it routed to.