I can connect with the Cisco VPN client, but I immediately lose the LAN connection. I cannot ping any devices on the LAN. I tried changing the setting on the Transport tab to allow local LAN access, but that did not work. The other problem I am having is that this is at one of our 3rd party locations trying to VPN in, so troubleshooting is somewhat difficult. They are running Windows 98 on a Win NT 4.0 domain. They tell me after they shut down the VPN they need to log out in order to reestablish the connection to the Domain. The other problem I have is the Cisco router is at our ISP, so changes to that cannot happen. Is this something that can be resolved by making changes to the LMHOSTS file? One other issue: we use a Class C IP configuration and the location that is trying to VPN in is a Class B. Any help would be appreciated.
I believe the issue can be resolved by configuring split tunneling on the router.
Without this feature, all traffic from the PC will be encrypted and sent to the router regardless of the destination. That's why the internet traffic has gone to space.
Since you mentioned it's difficult to modify the router configuration, a workaround I can think of is to manipulate the PC routing table; however, it didn't work when I tested it. I verified the routing table from DOS and it looks fine. I guess the VPN client just takes over control of the traffic.
The code I tested from the DOS prompt:
route delete *
route add 0.0.0.0 mask 0.0.0.0 metric 10
route add mask metric 10
Below is the sample code you'll need to put on the router:
Thanks for your response. I agree that split tunneling is probably the answer; unfortunately I can't get hold of the router. My question to you is: everyone else that is using the VPN has no problems getting in and using the VPN along with their local LAN. I have people come in from home, hotels, wireless without any problems. Could it be the router at their location? Or possibly the way that their Win NT 4.0 Domain is set, or that they are using Windows 98? It just seems odd that no one else has a problem and we do nothing special with the Cisco VPN Client. Thanks again for your input.
I remember having this issue many years ago, and it was because the Win98 PC was not renewing the address on the local LAN after disconnecting from the VPN. A manual ipconfig /release and /renew fixed the problem.
You may be able to create a batch file for your end user to run that will do that with a simple click of the mouse.
Thanks for your input, but that is the same as checking the Allow Local Lan Access under the Transport tab in the Connection Entry screen. My problem was that this box was checked but it was being blocked at the Router. I had our vendor make some changes to the router in order for us to get access to the Local Lan. This is working fine now, but one of our VPN sites needs to see data on another Subnet and I am currently working with our vendor to allow this type of access. I am assuming that they need to add those addresses to the router's ACL list.
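
The forwarding behaviour discussed in this thread, as an added example that is not part of any post and is not Cisco's implementation: a simplified Python model of whether a packet from the VPN client goes into the tunnel or stays on the local network. The function name `egress`, its parameters and all addresses are constructed for illustration.

```python
import ipaddress

def egress(dst, local_lan, split_acl=None,
           client_allows_local_lan=False, headend_permits_local_lan=False):
    """Return 'local' or 'tunnel' for one destination (simplified model)."""
    addr = ipaddress.ip_address(dst)
    # The client checkbox alone is not enough: the headend must permit it too.
    if addr in local_lan and client_allows_local_lan and headend_permits_local_lan:
        return "local"
    # No split-tunnel list pushed: every packet is encrypted and sent to the headend.
    if split_acl is None:
        return "tunnel"
    # Split tunneling: only destinations in the pushed list use the tunnel.
    return "tunnel" if any(addr in net for net in split_acl) else "local"

# Constructed sample addressing, not taken from the thread.
SITE_LAN = ipaddress.ip_network("172.16.0.0/16")     # remote site, Class B range
CORP_NET = ipaddress.ip_network("192.168.10.0/24")   # corporate Class C subnet
OTHER_NET = ipaddress.ip_network("192.168.20.0/24")  # second corporate subnet
LAN_HOST, CORP_HOST, OTHER_HOST = "172.16.5.20", "192.168.10.15", "192.168.20.7"

def scenarios():
    """Walk through the situations described in the thread, in order."""
    return {
        "tunnel-all, checkbox only": egress(
            LAN_HOST, SITE_LAN, client_allows_local_lan=True),
        "tunnel-all, checkbox + headend": egress(
            LAN_HOST, SITE_LAN, client_allows_local_lan=True,
            headend_permits_local_lan=True),
        "split, LAN host": egress(LAN_HOST, SITE_LAN, split_acl=[CORP_NET]),
        "split, corporate host": egress(CORP_HOST, SITE_LAN, split_acl=[CORP_NET]),
        "split, other subnet not listed": egress(
            OTHER_HOST, SITE_LAN, split_acl=[CORP_NET]),
        "split, other subnet listed": egress(
            OTHER_HOST, SITE_LAN, split_acl=[CORP_NET, OTHER_NET]),
    }

if __name__ == "__main__":
    for name, path in scenarios().items():
        print(f"{name:32} -> {path}")
```

In this model a subnet missing from the split-tunnel list is sent out the local gateway unencrypted, so it never reaches the corporate side until the list includes it.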