Network: How to fully bypass Cisco VPN Client and Server LAN restriction

You may have encountered, like me, problems with LAN access while using the Cisco VPN Client.

This software blocks any LAN access as soon as the tunnel connection is established (by changing the network routes on all local interfaces). There’s an “enable LAN” option in the Cisco VPN client, but it may be overridden by the server’s rules.

Here is how you can fully bypass those restrictions, allowing you to access both the VPN and local servers.

First: follow the instructions on Lennart Schedin’s blog: http://blog.lesc.se/2011/06/how-to-bypass-cisco-vpn-client-lan.html

He basically says:

  • to install Shrew Soft VPN Client as a replacement for the Cisco VPN client
  • to add an exclude filter for your LAN’s IP range (right click on the connection / properties / Policy tab)
  • to launch the connection

Then: you can check using “route print” (on Windows): you’ll see that the VPN tunnel has not changed the local routes. But access to your LAN may still fail due to added routes…
At this point you are close to the final step: you just need to change the routes. Below is an example BAT file to do so:

@echo off
 
set localroute=[SET YOUR DEFAULT LAN ROUTE HERE]
set vpnroute=[SET YOUR DEFAULT VPN ROUTE HERE]

REM flush all default routes
route delete 0.0.0.0 mask 0.0.0.0

REM Add default route both for local network and VPN
route add 0.0.0.0 mask 0.0.0.0 %localroute%
route add 0.0.0.0 mask 0.0.0.0 %vpnroute%

REM add specific routes if needed 
REM route add [IP RANGE TO ROUTE] mask [NETMASK OF THE IP RANGE] [IP OF THE ROUTE]
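
To read the “route print” check mentioned above, here is an added example (not part of the original post) that parses the IPv4 active-routes table, lists every default gateway and resolves which interface a destination would leave by, using longest prefix first and then lowest metric. The sample table, its addresses and metrics, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of the "Active Routes" part of `route print` output
# (addresses, gateways and metrics are made up for illustration).
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
          0.0.0.0          0.0.0.0         10.8.0.1        10.8.0.22     35
         10.8.0.0      255.255.0.0          On-link        10.8.0.22    291
      192.168.1.0    255.255.255.0          On-link     192.168.1.50    281
===========================================================================
"""

def parse_active_routes(text):
    """Return (network, gateway, interface, metric) for each active route."""
    routes, in_table = [], False
    for line in text.splitlines():
        if line.startswith("Active Routes:"):
            in_table = True
            continue
        if in_table and line.startswith("="):
            break  # end of the active-routes table
        parts = line.split()
        if not in_table or len(parts) != 5 or not parts[4].isdigit():
            continue  # skips the column header and malformed lines
        dest, mask, gw, iface, metric = parts
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, iface, int(metric)))
    return routes

def default_gateways(routes):
    """Gateways of all 0.0.0.0/0 routes, lowest metric first."""
    defaults = sorted((r for r in routes if r[0].prefixlen == 0), key=lambda r: r[3])
    return [r[1] for r in defaults]

def egress_interface(routes, dest):
    """Interface used for dest: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    best = min(matches, key=lambda r: (-r[0].prefixlen, r[3]), default=None)
    return best[2] if best else None

if __name__ == "__main__":
    routes = parse_active_routes(SAMPLE)
    print("default gateways:", default_gateways(routes))
    for dest in ("192.168.1.20", "10.8.3.4", "8.8.8.8"):
        print(dest, "->", egress_interface(routes, dest))
```

With two default routes present, the lower metric decides where traffic without a more specific route goes, so the metrics in the table matter as much as the gateways.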
