CISCO VPN Messing with Routing Tables

Status
Not open for further replies.

AceOmega

Programmer
Sep 17, 2004
17
US
I have a CISCO 2811 using VPN Client 5.0.01.0600 and for the most part it works fine. The problem comes in with local LAN printers. Some of my virtual office employees have WiFi printers and when the VPN is connected they cannot see them.

I found that the problem is that the VPN client messes with the routing tables and redirects the local LAN to the VPN gateway. I can fix this with a simple ROUTE DELETE 10.100.1.0 but I do not want to do it this way because I would have to run an additional script on each computer.

Is there a way to set up the CISCO router to configure the routing tables properly, or at least to set up routes for the local printers? I want to do this right, and deleting a network from the routing tables does not seem right.

Jim
 
Not a perfect solution, but I think using Persistent Routes will work for me using the following command...

route -p add 10.100.1.0 MASK 255.255.255.0 10.100.1.15

10.100.1.0 - The local LAN Network
10.100.1.15 - The Gateway/Router

This adds a permanent route to the computer which overrides the modifications that the CISCO client does.

I am still looking for a better solution though if there is one, because this one requires me to remote into each of my Virtual Office Employees computers to execute the command.
 
Again...

Please post a sh run and indicate the WiFi subnet.

Burt
 
Hi AceOmega,

Sounds like you are pushing the 10.100.1.0/24 subnet out to the client when connected telling it traffic for this subnet should be encrypted and sent via the VPN. As Burt has asked, could you please post a running config of your router?

I have a "similar" problem with L2TP tunnels and split tunnelling. One solution to allow split tunnelling with L2TP is to delete routes from the MS routing table. I don't know how to automate this, and doing it manually is not feasible.
 
First off I am not going to post my running configuration for security reasons. I can tell you that I am using the following version...

This is the running config of the router: 10.100.100.2
----------------------------------------------------------------------------
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco2611

As for the Subnet of the local WAP it is...

10.100.1.0/24

 
Second, yes, that is the problem with modifying the routing tables manually: there is no automatic way of doing it. I tried putting it in my login scripts, but my GPO is set up to restrict network settings for my users, so the command fails to execute for any users except administrators. I guess I could modify my GPO to remove the restrictions, but I would rather not.
 
Another interesting tidbit. I understand that the reason I cannot see the local printers when the VPN is on is because the computer gets assigned to a different subnet, and thus the routing tables need to be set up to allow the computer to talk to both subnets.

The funny thing is that I can see the WAP and even configure it while the VPN is connected. I tried to set up static routes in the WAP because it is a router too, but I have to admit I am not very good at doing this and it did not seem to work. I think this is the right avenue, because that is the router's job: to connect two different networks.
 
You can scrub the config of passwords and IP addresses...I don't think anyone can even take a stab at this until we see that. Don't understand what security reasons you have for not posting your config. Private IP addresses are okay to post, just not public ones. Hell, I'm paranoid, and I post mine all the time, minus dns servers, passwords, public IP addresses and even hide my hostname of the router! But whatever...good luck, I guess...

Burt
 
Sounds like you don't have split tunneling enabled and thus are sending all traffic to the host router.
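The thread points at split tunneling (and the Easy VPN group's local-LAN setting) as the server-side fix for the routing-table problem above. The following IOS 12.4 Easy VPN server fragment is an added example written for this page; it is not the poster's running config and not Cisco's documentation. The group name VPNGROUP, the pool name and address range, the ACL number 150 and the office subnet 10.100.100.0/24 are assumptions; only the remote WiFi LAN 10.100.1.0/24 and the router address 10.100.100.2 come from the thread.

```cisco
! Added example, not the poster's running config. VPNGROUP, VPNPOOL, ACL 150
! and the office subnet 10.100.100.0/24 are assumptions; 10.100.1.0/24 is the
! remote user's WiFi LAN from the thread.
!
! Address pool handed to VPN clients (assumed range).
ip local pool VPNPOOL 10.100.200.1 10.100.200.50
!
! Split-tunnel ACL: only destinations matched here are pushed to the client
! as routes through the tunnel. It must NOT cover 10.100.1.0/24, nor a
! supernet such as 10.100.0.0/16, or the client will once again route the
! remote LAN (and its printers) into the VPN.
access-list 150 permit ip 10.100.100.0 0.0.0.255 any
!
crypto isakmp client configuration group VPNGROUP
 key <pre-shared-key>
 pool VPNPOOL
 ! Pushes the split-tunnel list to the VPN Client; the client then installs
 ! a route only for 10.100.100.0/24 via the virtual adapter.
 acl 150
 ! Alternative if everything else must stay inside the tunnel: drop "acl 150"
 ! and allow the client's own subnet instead (the VPN Client must also have
 ! "Allow Local LAN Access" ticked under Transport):
 ! include-local-lan
```

After the client reconnects, `route print` on the Windows PC should list 10.100.1.0/24 via the wireless adapter's gateway and only 10.100.100.0/24 via the VPN virtual adapter; the per-machine `route -p add` workaround can then be removed with `route delete 10.100.1.0`. Keep in mind that either option leaves the remote PC reachable from its home LAN while it is also attached to the office network, so the client-side firewall matters more once split tunneling is on.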
 