Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN connects, lose LAN connection

I can connect with the Cisco VPN client, but I immediately lose the LAN connection. I cannot ping any devices on the LAN. I tried the changing the setting on the Transport tab to allow local lan access, but that did not work. The other problem I am having is that this is at one of our 3rd party locations trying to VPN in, so troubleshooting is somewhat difficult. They are running Windows 98 on Win NT 4.0 domain. They tell me after they shut down the VPN they need to logout in order to reestablish the connection to the Domain. The other problem I have is the Cisco router is at our ISP, so changes to that cannot happen. Is this something that can be resovled by making changes to the LMHOST file. One other issue we use a Class C ip configuration and the location that is trying to VPN in is a Class B. Any help would be appreciated.


Re: VPN connects, lose LAN connection

i believe the issue can be resolved by configuring split tunneling on the router.

without this feature, all traffic from the pc will be encrypted and sent to the router regardless of the destination. that's why the internet traffic gone to the space.

since you mentioned it's difficult to modify the router configuration. a workaround i can think of is to manipulate the pc routing table, however it doesn't work when i tested it. i verified the routing table from dos and it looks fine. i guess the vpn client just take over the control of traffic.

the code i tested from the dos prompt:

route delete *

route add mask metric 10

route add mask metric 10

below are the sample code you'll need to put on the router:

access-list 130 permit ip

crypto isakmp client configuration group vpngroup

key xxxxxxx

pool vpnpool

acl 130

New Member

Re: VPN connects, lose LAN connection


Thanks for your response, I agree that split tunneling is probably the answer unfortunately I can't get a hold of the router. My question to you is everyone else that is using the VPN has no problems getting in and using the VPN along with their local LAN. I have people come in from home, hotel's, wireless without any problems. Could it be the router at their location? or possibly the way that their Win NT 4.0 Domain is set or that they are using Windows 98. It just seems odd that no one else has a problem and we do nothing special with the Cisco VPN CLient. Thanks again for your input.


Re: VPN connects, lose LAN connection

since all other remote user has no drama, i agree with you that the issue is with the pc or the router.

i remembered there is sth with win98. i had some issue before related to routing.

check this out as it may help:

New Member

Re: VPN connects, lose LAN connection

I believe jackko to be correct.

I remember having this issues many years ago and it was because the win98 pc was not renewing the address on the local lan after disconnecting from the vpn. A manual ipconfig /release and /renew fixed the problem.

You may be able to create a batch file for your end user to run that will do that with a simple click of the mouse.

New Member

Re: VPN connects, lose LAN connection

You need to alter the 'EnableLocalLan' setting in the .pcf file that applies to your connection name.

Its in the profiles folder where the client is installed.

It defaults to 0=disable. Change it to 1 and restart.

(Info from Client administration guide page 2-23)

New Member

Re: VPN connects, lose LAN connection

Thanks for your input, but that is the same as checking the Allow Local Lan Access under the Trasport tab in the Connection Entry screen. My problem was that this box was checked but it was being blocked at the Router. I had our vendor make some changes to the router in order for us to get access to the Local Lan. This is working fine now but one of our VPN sites needs to see data on another Subnet and I am currently working with our vendor to allow this type of access. I am assuming that they need to add those addresses to the routers ACL list.