Modifying network metrics installed by the Cisco VPN client

matt.eason
Level 1

Hi All,

I'm wondering if it is at all possible to edit the metric of routes on a host PC that have been inserted by the VPN client. Currently, when the VPN client is used to connect into a PIX 6.3, all the VPN routes are installed in the table with a metric of 1 (verified using the route print cmd). Is it possible to change the metrics of routes inserted into the client machine, as by default they are set to 1, which doesn't allow me to add any other routes (as 1 is the lowest allowed metric)?

Thanks,

Matt

7 Replies

Farrukh Haroon
VIP Alumni

You can change the metric of your NIC card by going into the TCP/IP properties.

Regards

Farrukh

Yeah I tried that, unfortunately those settings don't apply to VPN inserted routes.

For VPN inserted routes you can manually remove them and add them again with a new metric, but the question is why would you want to do that? They will get overridden once the VPN is reconnected. If you want to influence what traffic is/is not encrypted, why don't you use the proper way? Split tunneling or Local LAN Access?

Regards

Farrukh

Hi Farrukh,

Thanks for your reply. This is a unique situation; basically the VPN is advertising a network, e.g. 192.168.1.0/24. The problem is that I must access a host on this network, 192.168.1.50, via a different route (i.e. not going through the VPN) without changing the 192.168.1.0 VPN inserted route, as other people use this. If I add 192.168.1.50 into the host table on Windows it gets overwritten every time the VPN reconnects, as the metrics clash @ 1.

If I could change the VPN metric to 2 or above then the static route to 192.168.1.50 would take preference but all other traffic for 192.168.1.0 would go through the VPN.

Matt

You could add a /32 route for this host and not a /24. This way only that particular host would be affected.

Regards

Farrukh
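The lookup order behind the /32 suggestion, as an added example that is not part of the original thread: in standard IP forwarding the longest matching prefix is chosen first and the metric only breaks ties between equal-length prefixes. The table entries, gateway labels and function names are constructed for illustration; the model covers routing-table selection only, not software that handles packets outside the routing table.

```python
import ipaddress

# Constructed routing table modelled on the thread: the VPN-installed /24
# at metric 1, a manually added /32 host route, and a default route.
# Gateway labels are placeholders (assumptions), not real addresses.
ROUTES = [
    {"dest": "0.0.0.0/0",       "gateway": "lan-gateway", "metric": 20},
    {"dest": "192.168.1.0/24",  "gateway": "vpn-tunnel",  "metric": 1},
    {"dest": "192.168.1.50/32", "gateway": "alt-gateway", "metric": 30},
]


def select_route(routes, destination):
    """Return the route standard IP forwarding picks for `destination`.

    Candidates are all routes whose prefix contains the destination.
    The longest prefix wins; the metric is compared only between
    candidates that have the same prefix length.
    """
    addr = ipaddress.ip_address(destination)
    candidates = []
    for route in routes:
        net = ipaddress.ip_network(route["dest"])
        if addr in net:
            candidates.append((net.prefixlen, route))
    if not candidates:
        return None
    # Sort key: longer prefix first, then lower metric.
    candidates.sort(key=lambda c: (-c[0], c[1]["metric"]))
    return candidates[0][1]


def explain(routes, destinations):
    """Map each destination to the gateway label of its selected route."""
    return {d: (select_route(routes, d) or {}).get("gateway")
            for d in destinations}


if __name__ == "__main__":
    # 198.51.100.7 is a documentation address standing in for "elsewhere".
    sample = ["192.168.1.50", "192.168.1.77", "198.51.100.7"]
    for dest, gw in explain(ROUTES, sample).items():
        print(f"{dest:15} -> {gw}")
```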

That is what I did although it didn't work.

The routing table then contained 2 routes; it looks like the more specific prefix rule doesn't apply to Windows.

Once I restart the computer and reconnect the VPN the host route to the alternate network disappears. Can't win :(

You can do that using the Windows XP based VPN client.

Right click "My Network Places", select "Properties", click "Create a new connection" on the left hand bar.

Choose "Connect to the network at my workplace", and then "Virtual Private Network Connection", use any "Company name", enter the IP addresses of your VPN device, click finish and you have a working L2TP VPN client.

(You may know this already, just wanted to make sure you use it correctly without going into any trouble just in case you don't know how to set up a VPN client on an XP machine.)

Now, double click the icon, click "Properties", then click "Networking", select "Internet Protocol (TCP/IP)" and click properties. Click "Advanced", and UNCHECK "Use default gateway on remote network".

This will solve your problem.

Rate if helpful.

Mohsin