Cisco VPN Client

Introduction

Microsoft routing problems can occur when a Cisco VPN Client (VPN 3000 Client, Cisco Secure VPN Client, or VPN 5000 Client) gets an IP address from the device terminating the tunnel (Cisco VPN 3000 Concentrator, router, PIX Firewall, or VPN 5000 Concentrator) that is on the same network as the local Network Interface Card (NIC). This can occur if a user has a laptop on the corporate network with a Dynamic Host Configuration Protocol (DHCP) or static IP address (10.50.1.x), brings the laptop home, dials into an Internet Service Provider (ISP) and connects using the VPN Client. If the terminating device sends the VPN Client an IP address that is on the same network (10.50.1.x), the user cannot send any data over the client connection. The packets are sent to the NIC, instead of over the VPN connection, because the traffic is still routed out of the NIC. This problem occurs on Microsoft Windows 95, Windows 98, and Windows NT 4.0.

Symptoms of this problem are that the VPN tunnel comes up, but the PC cannot pass traffic. A route print command still shows the DHCP or static address, or both. If the IP address was received through DHCP, the DHCP lease can be manually released.

Before You Begin

Conventions

Refer to the Cisco Technical Tips Conventions for information on document conventions.

Prerequisites

There are no specific prerequisites for this document.

Components Used

The information in this document is based on these software and hardware versions:

• Cisco VPN 3000 Client

• Cisco VPN 5000 Client

• Cisco Secure VPN Client

Solutions for the Routing Problem

Releasing the DHCP Lease

Microsoft Windows 95

Follow the instructions below to release the DHCP lease on Windows 95:

1. Open an MS-DOS window and type winipcfg.

2. Select Release.

Microsoft Windows 98

• Open an MS-DOS window and issue the ipconfig /release_all command.

You can also follow the directions for Windows 95.

Microsoft Windows NT

• Open an MS-DOS window and issue the ipconfig /release command.

Solutions from Microsoft

Microsoft has published articles that address this issue and how to resolve it:

• Windows 95 (article Q191494) Dial-Up Networking 1.3 Upgrade (DUN 1.3) .

• Windows 98 (article Q217035) How to Cause Windows 98 to Release DHCP Lease Information at Shutdown .

• Windows NT 4.0 (article Q271455) Releasing a DHCP-Assigned IP Address at Shutdown in Windows NT 3.x, 4 .

Deleting Static Routes

If the IP address was statically assigned to the NIC, the route can be manually deleted with the route delete command.

For example, if the route print command shows:

Network Address         Netmask         Gateway Address Interface       Metric
0.0.0.0                 0.0.0.0         10.50.1.1       10.50.1.99      2

where 10.5.1.99 was the former static IP and 10.50.1.1 was the internal gateway, then if you issue the following command:

route delete 0.0.0.0 10.50.1.99

it deletes the static NIC route.

Related Information

• Cisco VPN 3000 Series Concentrator Support Page
• IP Security Troubleshooting - Understanding and Using debug Commands
• Cisco VPN 5000 Series Concentrator Support Page
• IP Security (IPSec) Support Page
• Technical Support & Documentation - Cisco Systems