amtikl.blogspot.com

icrosoft routing problems can occur when a Cisco VPN Client (VPN 3000 Client, Cisco Secure VPN Client, or VPN 5000 Client) gets an IP address from the device terminating the tunnel (Cisco VPN 3000 Concentrator, router, PIX Firewall, or VPN 5000 Concentrator) that is on the same network as the local Network Interface Card (NIC). This can occur if a user has a laptop on the corporate network with a Dynamic Host Configuration Protocol (DHCP) or static IP address (10.50.1.x), brings the laptop home, dials into an Internet Service Provider (ISP) and connects using the VPN Client.

If the terminating device sends the VPN Client an IP address that is on the same network (10.50.1.x), the user cannot send any data over the client connection. The packets are sent to the NIC, instead of over the VPN connection, because the traffic is still routed out of the NIC. This problem occurs on Microsoft Windows 95, Windows 98, and Windows NT 4.0.

Symptoms of this problem are that the VPN tunnel comes up, but the PC cannot pass traffic. A route print command still shows the DHCP or static address, or both. If the IP address was received through DHCP, the DHCP lease can be manually released.

The Cisco VPN Client can be preconfigured for mass deployments, and initial logins require little user intervention. It supports the innovative Cisco Easy VPN capabilities, delivering a uniquely scalable, cost-effective, and easy-to-manage remote access VPN architecture that eliminates the operational costs associated with maintaining a consistent policy and key management method. The Cisco Easy VPN feature allows the Cisco VPN Client to receive security policies upon a VPN tunnel connection from the central site VPN device (Cisco Easy VPN Server), minimizing
configuration requirements at the remote location. This simple and highly scalable solution is ideal for large remote access deployments where it is impractical to individually configure policies for multiple remote PCs.