Modifying network metrics installed by the Cisco VPN client

Oct 8th, 2008

Hi All,

I'm wondering if it is at all possible to edit the metric of routes on a host PC that have been inserted by the VPN client. Currently, when the VPN client is used to connect into a PIX 6.3, all the VPN routes are installed in the table with a metric of 1 (verified using the route print cmd). Is it possible to change the metrics of routes inserted into the client machine, as by default they are set to 1, which doesn't allow me to add any other routes (as 1 is the lowest allowed metric)?



Farrukh Haroon Thu, 10/09/2008 - 00:40

You can change the metric of your NIC card by going into the TCP/IP properties.



matt.eason Thu, 10/09/2008 - 15:12

Yeah, I tried that; unfortunately those settings don't apply to VPN-inserted routes.

Farrukh Haroon Thu, 10/09/2008 - 18:40

For VPN-inserted routes you can manually remove them and add them again with a new metric, but the question is why would you want to do that? They will get overridden once the VPN is reconnected. If you want to influence what traffic is/is not encrypted, why don't you use the proper way? Split tunneling or Local LAN Access?



matt.eason Thu, 10/09/2008 - 18:51

Hi Farrukh,

Thanks for your reply. This is a unique situation; basically the VPN is advertising a network e.g. The problem is that I must access a host on this network via a different route (i.e. not going through the VPN) without changing the VPN-inserted route, as other people use this. If I add into the host table on Windows it gets overwritten every time the VPN reconnects as the metrics clash @ 1.

If I could change the VPN metric to 2 or above then the static route to would take preference but all other traffic for would go through the VPN.


Farrukh Haroon Thu, 10/09/2008 - 19:16

You could add a /32 route for this host and not a /24. This way only that particular host would be affected.



matt.eason Thu, 10/09/2008 - 19:58

That is what I did although it didn't work.

The routing table then contained 2 routes; it looks like the more specific prefix rule doesn't apply to Windows.

Once I restart the computer and reconnect the VPN, the host route to the alternate network disappears. Can't win :(

You can do that using the Windows XP-based VPN client.

Right click "My Network Places", select "Properties", click "Create a new connection" on left hand bar.

Choose "Connect to the network at my workplace", and then "Virtual Private Network Connection", use any "Company name", enter the IP addresses of your VPN device, click Finish, and you have a working L2TP VPN client.

(You may know this already, just wanted to make sure you use it correctly without going into any trouble, just in case you don't know how to set up a VPN client on an XP machine.)

Now, double-click the icon, click "Properties", then click "Networking", select "Internet Protocol (TCP/IP)" and click Properties. Click "Advanced", and UNCHECK "Use default gateway on remote network".

This will solve your problem.

Rate if helpful.


