VPN Client can not add route on Win 7

Unanswered Question
Feb 24th, 2011

We are in the porcess of creating an Easy VPN Server on a 3825 and deploying Cisco VPN Client 32bit on XP machines and 64bit on WIn 7 64bit machines.

Our first install of the client is on a Win 7 64bit machine.

The client connects to the Easy VPN Server without problems, however, after it connects we are unable to access any of the networks at the business site. The client reports the following error in the log:

375    21:37:23.975  02/24/11  Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160

We spent some time searching discussions and it appears that this problem has been reported before (https://supportforums.cisco.com/message/3037133) but no solution is available (none that we can find).

Here is the routing table on the client before and after the error:

374    21:37:20.933  02/24/11  Sev=Info/5 CVPND/0x63400013
    Destination           Netmask           Gateway         Interface   Metric        25      306      306      306      281      281      281      306      281        281      306      281        281

375    21:37:23.975  02/24/11  Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160

376    21:37:23.975  02/24/11  Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a8c800, Netmask: ffffff00, Interface: c0a878e8, Gateway: c0a87801.

377    21:37:23.975  02/24/11  Sev=Info/4 CM/0x63100038
Successfully saved route changes to file.

378    21:37:23.975  02/24/11  Sev=Info/5 CVPND/0x63400013
    Destination           Netmask           Gateway         Interface   Metric        25       100      100      306      306      306      281      281      281      281      100      281      281      281      281      306      281      281      306      281      281

379    21:37:23.975  02/24/11  Sev=Info/6 CM/0x63100036
The routing table was updated for the Virtual Adapter

We tried and failed:

1. connection with firewall on and off

2. running the client as administartor

Also, if you try and add the route manually it fails with bad metric 0 (at least this is what we think the client is trying to do):

C:\Windows\system32>route add mask metric 0 if
route: bad metric value 0


Can we have an explanation why the client is trying to add the route - why does it need to trunk all local network traffic ( to the (a gateway on the enterprise network)?

Also, if you have found a solution to this problem, please share it.

We will try a Win XP with 32bit client tomorrow to see if we get the same problem.

Thank you


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Paul Gilbert Arias Thu, 02/24/2011 - 05:28

are you trying to add a route to a network across the VPN? If so that might be the issue. You can configure on your VPN Server split tunneling defining the networks that the VPN clients could connect using the VPN tunnel. Those networks will get inyected to the client after the connection get established.

I hope this helps.

prolancer Thu, 02/24/2011 - 13:27

Hi Paul,

we are trying to configure VPN access for Cisco VPN Clients to multiple enterprise networks. The client is on my home network and connects via standard ADSL2+ modem to an ISP. This is what other employees will have at home, and except for the IP address range, all wil be same.

We want to configure the client to use the tunnel to access multiple enterprise networks which also have address in the 192.168.x.x range. I think the best way to explain our scenario is to post the Easy VPN Configuration. Here it is:

crypto isakmp client configuration group Employee
dns 192.168.20.xxx
domain wsn.prolancer.com.au
pool VpnIpPool
acl VpnSplitAcl
firewall are-u-there
split-dns prolancer.com.au
split-dns in.prolancer.com.au
max-logins 1

ip local pool VpnIpPool

ip access-list extended VpnSplitAcl
permit ip any
permit ip any

   <- few more networks here ->
deny   ip any any

When the client connects, we see Secured Routes to all networks in the VpnSplitAcl. However, these routes do not apper in the Win 7 routing table as you can see from the previous post.

I tried the 32 bit version of the client on a WIn XP machine as well. We get the same problem with it not being able to add a route, except the client is trying to add the route with metric 20 (instead of metric 0 on Win 7) and the error code reported is 87 (instead of 160 on Win 7).

I can provide more information, just do not know what is relevant.


tuffsubject Thu, 09/29/2011 - 14:56

Did you ever get this resolved?  Having the same issue now.

prolancer Sat, 10/01/2011 - 23:45

Hi Joe,

yes it was resolved.

It was basically incorrect split tunnel configuration on the Cisco router. I cannot recall what exactly was wrong, but I remember that my interpretation of the information in the Cisco manuals was incorrect (English being my 2nd language and all). As a result, I had incorrect configuration. A colegue of mine put me on the right track by explaining what the manual says.

So make sure yor ezvpn configuration is correct (split tunneling in particular) and double check it with what the manuals say.

You can safely ignore what is said in this post: https://supportforums.cisco.com/message/3037133, especially the suggestion by David P. at the end of the post.



Login or Register to take actions

This Discussion

Posted February 24, 2011 at 2:57 AM
Replies:4 Overall Rating:
Views:14855 Votes:0

Related Content


Discussions Leaderboard

Rank Username Points
Federico Coto F...
Jouni Forss
Marvin Rhoads
Karsten Iwen
Jon Marshall
Rank Username Points
Jon Marshall
Karsten Iwen
Marvin Rhoads