windows routing problem

  • Thread starter Thread starter foobar2k3
  • Start date Start date
F

foobar2k3

Hi all,

I have trouble setting up routing on my laptop with Windows XP Pro. Im
not sure if Windows supports the kind of routing I would like to
accomplish at all - here's the situation:

I connect to a private corporate LAN using an on-board Intel NIC
(100Mb ethernet), this interface gets a private IP address (from a
range reserved by IANA for my employer).

Apart from this connection, I also connect to the Internet using a
HSDPA PCMCIA card (ie mobile internet access).
I connect to our customer's network using Cisco VPN client, which uses
the HSDPA connection - I can not use the corporate LAN to connect to
customer's VPN server.

Now the windows routing table looks like this:

Active Routes:
Network Destination Netmask Gateway Interface
Metric
0.0.0.0 0.0.0.0 10.192.1.104
10.192.1.104 1
0.0.0.0 0.0.0.0 192.168.66.27
192.168.66.26 1
XX.138.109.0 255.255.255.128 XX.138.109.120 XX.
138.109.120 20
XX.138.109.0 255.255.255.128 192.168.66.27
192.168.66.26 30
XX.138.109.120 255.255.255.255 127.0.0.1
127.0.0.1 20
XX.255.255.255 255.255.255.255 XX.138.109.120 XX.
138.109.120 20
10.192.1.104 255.255.255.255 127.0.0.1
127.0.0.1 50
10.255.255.255 255.255.255.255 10.192.1.104
10.192.1.104 50
YY.209.212.132 255.255.255.255 10.192.1.104
10.192.1.104 1
127.0.0.0 255.0.0.0 127.0.0.1
127.0.0.1 1
192.168.66.26 255.255.255.255 127.0.0.1
127.0.0.1 30
192.168.66.255 255.255.255.255 192.168.66.26
192.168.66.26 30
224.0.0.0 240.0.0.0 XX.138.109.120 XX.
138.109.120 20
224.0.0.0 240.0.0.0 192.168.66.26
192.168.66.26 30
224.0.0.0 240.0.0.0 10.192.1.104
10.192.1.104 1
255.255.255.255 255.255.255.255 XX.138.109.120 XX.
138.109.120 1
255.255.255.255 255.255.255.255 10.192.1.104
10.192.1.104 1
255.255.255.255 255.255.255.255 192.168.66.26
192.168.66.26 1
Default Gateway: 192.168.66.27
===========================================================================

XX.138.109.120 is the IP address assigned to the Intel NIC, XX.
138.109.0 is the private corporate LAN with
XX.138.109.1 being the default gateway.

10.192.1.104 is the IP address assigned to the HSDPA interface by the
mobile network provider,
YY.209.212.132 is a IP address from his address space.

192.168.66.26 is the IP address of the Cisco VPN client interface,
192.168.66.27 is the default gateway for Cisco VPN.

Currently as soon as I connect to the Cisco VPN, all the traffic gets
routed through Cisco VPN and I cannot access the private network of my
employer.

what I would like to accomplish is the following:

1.) for reaching the customers network 10.21.240.0/24, make Windows
use the Cisco VPN interface with IP address 192.168.66.26,

2.) make the Cisco VPN connection use the HSDPA connection

3.) for everything else, use my employer's network with the default
gateway XX.138.109.1.

Is this kind of routing possible in Windows XP ?
Thanks for any information & suggestions,

regards,
fb
 
(e-mail address removed) wrote in
:

[...]
Currently as soon as I connect to the Cisco VPN, all the traffic
gets routed through Cisco VPN and I cannot access the private
network of my employer.
Click to expand...

VPN is a secure networking protocol.
It is usually considered a security breach if a computer has
simultaneous access to both a local network and a remote network over a
secure VPN - thus when the Cisco VPN client is started up, all traffic
is forced through the VPN and the local network is effectively
disconnected.

Try this:
In the Cisco VPN client, right-click on your "Connection Entry" then
select "Modify". In the next window that comes up, click on the
"Transport" tab. At the bottom, check the box labeled "Allow Local LAN
Access" then "Save". Maybe this will have the result that you desire.

HTH,
John
 
Try this:
In the Cisco VPN client, right-click on your "Connection Entry" then
select "Modify". In the next window that comes up, click on the
"Transport" tab. At the bottom, check the box labeled "Allow Local LAN
Access" then "Save". Maybe this will have the result that you desire.

HTH,
John
Click to expand...

Hi John,

thanks for you reply. However, the local LAN access is allowed, and
when I use the private network to access the customer's VPN, the local
connection works with no problems or limits. But I can not use the
private network for VPN, because the VPN connection gets closed
approximately every half an hour or so.This is something I can do
absolutely nothing about. So the only solution is to access the VPN
using the secondary HSDPA connection. Some of my co-workers have
"solved" this issue by establishing another VPN connection from
customer's network back to the private network - unfortunately I can
not use this back-and-forth VPN tunneling as I dont have VPN access to
the private network :) And this "solution" seems a bit sloppy at
best :) There must be some reasonable way to make Windows route the
networks as I need it to :)

regards,
fb
 
No guarantees, but you can try the commands intersperced below.
-- John


(e-mail address removed) wrote in
:
Hi all,

I have trouble setting up routing on my laptop with Windows XP Pro. Im
not sure if Windows supports the kind of routing I would like to
accomplish at all - here's the situation:

I connect to a private corporate LAN using an on-board Intel NIC (100Mb
ethernet), this interface gets a private IP address (from a range
reserved by IANA for my employer).

Apart from this connection, I also connect to the Internet using a HSDPA
PCMCIA card (ie mobile internet access). I connect to our customer's
network using Cisco VPN client, which uses the HSDPA connection - I can
not use the corporate LAN to connect to customer's VPN server.

Now the windows routing table looks like this:


Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.192.1.104 10.192.1.104 1
0.0.0.0 0.0.0.0 192.168.66.27 192.168.66.26 1
XX.138.109.0 255.255.255.128 XX.138.109.120 XX.138.109.120 20
XX.138.109.0 255.255.255.128 192.168.66.27 192.168.66.26 30
XX.138.109.120 255.255.255.255 127.0.0.1 127.0.0.1 20
XX.255.255.255 255.255.255.255 XX.138.109.120 XX.138.109.120 20
10.192.1.104 255.255.255.255 127.0.0.1 127.0.0.1 50
10.255.255.255 255.255.255.255 10.192.1.104 10.192.1.104 50
YY.209.212.132 255.255.255.255 10.192.1.104 10.192.1.104 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.66.26 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.66.255 255.255.255.255 192.168.66.26 192.168.66.26 30
224.0.0.0 240.0.0.0 XX.138.109.120 XX.138.109.120 20
224.0.0.0 240.0.0.0 192.168.66.26 192.168.66.26 30
224.0.0.0 240.0.0.0 10.192.1.104 10.192.1.104 1
255.255.255.255 255.255.255.255 XX.138.109.120 XX.138.109.120 1
255.255.255.255 255.255.255.255 10.192.1.104 10.192.1.104 1
255.255.255.255 255.255.255.255 192.168.66.26 192.168.66.26 1
Default Gateway: 192.168.66.27
===========================================================================

XX.138.109.120 is the IP address assigned to the Intel NIC, XX.
138.109.0 is the private corporate LAN with XX.138.109.1 being the
default gateway.

10.192.1.104 is the IP address assigned to the HSDPA interface by the
mobile network provider, YY.209.212.132 is a IP address from his address
space.

192.168.66.26 is the IP address of the Cisco VPN client interface,
192.168.66.27 is the default gateway for Cisco VPN.

Currently as soon as I connect to the Cisco VPN, all the traffic gets
routed through Cisco VPN and I cannot access the private network of my
employer.

what I would like to accomplish is the following:

1.) for reaching the customers network 10.21.240.0/24, make Windows use
the Cisco VPN interface with IP address 192.168.66.26,
Click to expand...

Try the following command for this:
route add 10.21.240.0 mask 255.255.255.0 192.168.66.27 metric 1
2.) make the Cisco VPN connection use the HSDPA connection
Click to expand...

Before you activate your VPN client, you should issue the following
command:
route add said:
3.) for everything else, use my employer's network with the default
gateway XX.138.109.1.
Click to expand...

This is a little more complicated. You have to add your desired route
then downgrade (up the metric) two routes that are already there:

route add 0.0.0.0 mask 0.0.0.0 XX.138.109.1 metric 1
route change 0.0.0.0 mask 0.0.0.0 10.192.1.104 metric 10
route change 0.0.0.0 mask 0.0.0.0 192.68.66.27 metric 10


I am unsure about these but I hope this helps,
John
 
Back
Top