
Remote - Cisco VPN Clients - inconsistency with Split-Tunnelling

Entuitesi
Level 1

I have successfully configured ASA5505 7.2.(4) for split-tunnelling.

1) All my 64bit Windows 7 / Vista systems running Cisco VPN client 5.0.07.0290 (64bit) have no issues accessing the LAN or browsing the Internet. - Good, expected results

2) My 32bit clients running XP / Vista running cisco VPN client 5.0.07.0410 (32bit) can access the LAN segment but CANNOT Browse the Internet.

Obviously the ASA is configured correctly, so there must be an issue with the 32bit client 5.0.07.0410 (32bit)? Should I try downgrading to the 32bit 5.0.07.0290 clients for my 32bit OS systems?

Thanks

Vito DiPinto

14 Replies

Atri Basu
Cisco Employee

Hey Vito,

There are no known issues for 5.0.07.0410. Let me run some tests in the lab and see if I can see this kind of behavior.


Regards,
Atri.

In the meanwhile, please do try downgrading and let me know the results.

Atri,

I have confirmed that even downgrading my Cisco VPN Client to 32bit 5.0.07.0290 produces the same results. I can access the remote LAN but not my local LAN or the Internet.

At the same time I retested my Windows Vista / Windows 7 64bit OS systems with the Cisco VPN Client 64bit 5.0.07.0290 and I am able to access the remote LAN, as well as access my local LAN and the Internet.

Your help in resolving is greatly appreciated!

Atri,

Could this be a metric route issue on the workstations?

Please see the attached netstat routing info for each workstation. There seems to be a difference between the 2 XP systems, which are not split tunnelling, and the Windows 7 routing metrics, which are working. Could this be a metric issue?

Thanks

Vito DiPinto

Hey Vito,

I might have missed this, but what is the IP address assigned to your VPN adapter and what is the actual IP address assigned to the NIC on the XP 32 bit clients? The lab setup will take a little longer for me to test as .


Regards,

Atri.

Mohamed Sobair
Level 7

Vito,

What Network on the LAN are you trying to access and you are not able to?

The VPN client on Windows Vista and 7 should be a software of 64 bit version, and you have installed it correctly. However, if the VPN client doesn't work, you won't be able to access even a remote VPN. So I don't think it's a VPN client issue.

Could you please post your Easy VPN configuration on the ASA here ?

HTH

Mohamed

Mohamed,

As I indicated in the initial post, here is my issue:

I have successfully configured ASA5505 7.2.(4) for split-tunnelling.

1) All my 64bit Windows 7 / Vista systems running Cisco VPN client 5.0.07.0290 (64bit) have no issues accessing the LAN or browsing the Internet. - Good, expected results. - All is working correctly! I can access the remote LAN behind the ASA and I can access the Internet

2) My 32bit clients running XP / Vista running Cisco VPN client 5.0.07.0410 (32bit) can access the remote LAN segment but CANNOT browse the Internet.

- I can access the LAN behind the remote LAN behind the ASA but CANNOT access the Internet

Please see my observations above. There are obviously issues with the client (32bit).

I am using the Cisco VPN Client 5.0.07.0410 (32bit) and tried downgrading to 5.0.07.0290 (32bit) on the XP 32bit OS systems.

Thanks

Vito DiPinto

Could you check the route table on the PC when you connect with the 64 and 32 bit clients? Also, can you make sure the split tunneling policy is pushed correctly by checking the route details on the VPN client?

I attached the route information for working and non-working stations above?

I have attached it again. There are discrepancies as I indicated above?

Could be a metric issue. But then, can you run a Wireshark capture on the VPN adapter interface when connected via VPN to see if an Internet packet is being routed through that interface rather than the actual physical interface?

Looks like it is a METRIC issue as I suggested.

I changed the metrics with the VPN connected and I was able to access the remote LAN behind the ASA, the Internet and my local LAN. So there is obviously a "METRICS" issue with the VPN Client? Is this a known bug or issue and is there a permanent workaround? Why does the client not adjust the metrics correctly?

These are the commands I entered after the VPN was connected:

>route change 99.238.6.172 mask 255.255.255.255 172.17.69.99 metric 15   - VPN remote peer

>route change 0.0.0.0 mask 0.0.0.0 192.168.8.213 metric 15   - VPN remote network

route add 0.0.0.0 mask 0.0.0.0 172.17.69.99 metric 1   - local network default GW

I cannot be changing these metrics on the fly as the IPs on the remote VPN are dynamically assigned when you connect to the VPN?

What is the permanent fix?

Hey Vito,

I should be able to confirm if this is a problem with 32bit clients by tomorrow. There are some known problems with metrics for routes on Windows machines (usually Vista): http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsk52566

But in your case I think the problem is a little different. I would suggest you open a TAC case so that this behavior can be properly studied.


Regards,

Atri.

Atri,

Thanks, I look forward to your response. It looks like the local default gateway, VPN peer and VPN network get the same metric 1. You are able to reach the remote LAN but have no access to the Internet.

Your investigation is appreciated. I will open a TAC case as well.

Thanks!

RESOLVED

Opened ticket with TAC - Issue seems to now be resolved. - THANK YOU!

Cisco engineer had me replace the following commands in my config to rectify the issue with having 2 default gateways, specifically impacting 32bit operating systems XP / VISTA / Windows 7.

Router config had the following access list: access-list RA_splitTunnelAcl standard permit any

This was changed to:

access-list RA_splitTunnelAcl standard permit 192.168.8.0 255.255.255.0  - which specifically reflected the inside network of the ASA5505.

Once this was changed, the default gateways on the workstation now had proper routing, with one default gateway, and now could access both the internal network of the ASA5505 and the Internet (split-tunnel).

Vito DiPinto
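
The fix in the post above comes down to never letting a split-tunnel ACL match every destination. The following is an added example, not part of the original thread or any Cisco tooling: a small Python check that scans saved ASA configuration text for split-tunnel ACLs containing a catch-all permit. The two ACL lines are the ones quoted in the thread; the group-policy name `RA_GP` and the surrounding sample config are constructed for illustration.

```python
from __future__ import annotations
import re

# Constructed sample: the ACL lines are the two quoted in the thread;
# the group-policy name "RA_GP" is a placeholder, not from the thread.
BROKEN = """\
access-list RA_splitTunnelAcl standard permit any
group-policy RA_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RA_splitTunnelAcl
"""
FIXED = BROKEN.replace("permit any", "permit 192.168.8.0 255.255.255.0")

ACE = re.compile(r"^access-list\s+(\S+)\s+standard\s+permit\s+(.+)$")
REF = re.compile(r"^\s*split-tunnel-network-list\s+value\s+(\S+)")


def is_catch_all(target: str) -> bool:
    """True when a standard ACE matches every destination."""
    return target.split() in (["any"], ["0.0.0.0", "0.0.0.0"])


def audit_split_tunnel(config: str) -> list[str]:
    """Return findings for split-tunnel ACLs that contain a catch-all permit."""
    aces: dict[str, list[str]] = {}
    referenced: set[str] = set()
    for line in config.splitlines():
        if m := ACE.match(line.strip()):
            aces.setdefault(m.group(1), []).append(m.group(2).strip())
        elif m := REF.match(line):
            referenced.add(m.group(1))
    findings = []
    for name in sorted(referenced):
        if name not in aces:
            findings.append(f"{name}: referenced but not defined")
        for target in aces.get(name, []):
            if is_catch_all(target):
                findings.append(
                    f"{name}: 'permit {target}' matches every destination, "
                    "so clients receive a second default route")
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", BROKEN), ("after", FIXED)):
        print(label, audit_split_tunnel(cfg) or "ok")
```
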