2007/03/20

HOWTO: Cisco VPN with Windows Vista

Since Cisco is still not able to supply us with a WORKING VPN Client for Vista, we have to work with what we get.

Currently there are several BETA versions for Vista; you have to test which one works for you:

vpnclient-win-is-4.8.02.0010-k9.exe
vpnclient-win-msi-5.0.00.0090-k9-beta.exe

The main problem with both clients is that the connection is lost after some minutes, depending on the configuration of the VPN concentrator at your place. This happens because the metric of the default route through the tunnel is changed to a value of the scale.

Before you connect, "route print" prints something similar to this:

IPv4-Routing table
===========================================================================
Active Routes:
Network destination  Netmask          Gateway         Interface       Metric
0.0.0.0              0.0.0.0          172.16.116.9    172.16.117.124  25
127.0.0.0            255.0.0.0        Auf Verbindung  127.0.0.1       306
127.0.0.1            255.255.255.255  Auf Verbindung  127.0.0.1       306
127.255.255.255      255.255.255.255  Auf Verbindung  127.0.0.1       306
....
===========================================================================

The 172.16.xxx.xxx address is the private address I get for my wireless adapter. With an IP like this, I can only connect to a small number of machines inside the same network, including the VPN concentrator, but not the server.
You might get other addresses, like 192.168.xxx.xxx or 10.xxx.xxx.xxx.


When you initially connect with the VPN Client you get something like this:

IPv4-Routing table
===========================================================================
Active Routes:
Network destination  Netmask          Gateway         Interface       Metric
0.0.0.0              0.0.0.0          152.96.0.1      152.96.240.5    100
127.0.0.0            255.0.0.0        Auf Verbindung  127.0.0.1       306
127.0.0.1            255.255.255.255  Auf Verbindung  127.0.0.1       306
127.255.255.255      255.255.255.255  Auf Verbindung  127.0.0.1       306
....
===========================================================================


The actual IP addresses may vary (if you are not connected to my campus network). As you can see, new routes were added to redirect all traffic through 152.96.240.5 to gateway 152.96.0.1. The metric is 100 at the moment, which is no problem, since no other default route has a lower one. But after a short period of time it changes to this:

IPv4-Routing table
===========================================================================
Active Routes:
Network destination  Netmask          Gateway         Interface       Metric
0.0.0.0              0.0.0.0          152.96.0.1      152.96.240.5    100
0.0.0.0              0.0.0.0          172.16.116.9    172.16.117.124  25
127.0.0.0            255.0.0.0        Auf Verbindung  127.0.0.1       306
127.0.0.1            255.255.255.255  Auf Verbindung  127.0.0.1       306
127.255.255.255      255.255.255.255  Auf Verbindung  127.0.0.1       306
....
===========================================================================

As you can see now, the metric for the VPN tunnel is still 100, but now the metric for the 172.16.xxx.xxx route is smaller.

The computer always tries to send its packets through the route with the lowest metric, but since this route does not lead to the outside, I can't connect anymore.

Now what we have to do is change the metrics of the VPN route and the private route (or delete the private route entirely if it's not needed). This can be done like this:

Open a new command line as Administrator. If you don't know how to do this maybe you shouldn't try at all. Easy way: Open the Start menu, enter "cmd.exe" and press Ctrl+Shift while pressing Enter.

Now you first need to print out your own routing table.
route print

Write down the gateways of your private and VPN connections; you'll need them.

Then enter the following two commands:

route delete 0.0.0.0 mask 0.0.0.0 "privategatewayip"
route change 0.0.0.0 mask 0.0.0.0 "vpngatewayip" metric 1


If you do "route print" once more, you will see that the vpn-route now has the lowest metric which makes it the first one to use for all the packets.


IPv4-Routing table
===========================================================================
Active Routes:
Network destination  Netmask          Gateway         Interface       Metric
0.0.0.0              0.0.0.0          "vpngatewayip"  152.96.240.5    26
127.0.0.0            255.0.0.0        Auf Verbindung  127.0.0.1       306
127.0.0.1            255.255.255.255  Auf Verbindung  127.0.0.1       306
127.255.255.255      255.255.255.255  Auf Verbindung  127.0.0.1       306
....
===========================================================================


For now, it should work. If you see that after some minutes the connection breaks again, then you have to change the metric of the private connection instead of deleting it. This means that you use this command instead of the "route delete" you used before:

route change 0.0.0.0 mask 0.0.0.0 "privategatewayip" metric 300

Try which one works better for you, delete or change, then use it.


All commands again:


route change 0.0.0.0 mask 0.0.0.0 "privategatewayip" metric 300
or
route delete 0.0.0.0 mask 0.0.0.0 "privategatewayip"
for the private route and

route change 0.0.0.0 mask 0.0.0.0 "vpngatewayip" metric 1
for the VPN route
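
The condition described above (a non-VPN default route ending up with a lower metric than the tunnel) can be checked mechanically. The following Python script is an added example, not part of the original post: it parses "route print" output, including the German "Auf Verbindung" gateway text, and returns the "route change" commands from this HOWTO when a private route wins. The function names and the embedded sample (constructed from the third table above) are assumptions for illustration.

```python
import re

# Constructed sample: the third "route print" table from the text (German-locale Vista).
SAMPLE = """\
Network destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 152.96.0.1 152.96.240.5 100
0.0.0.0 0.0.0.0 172.16.116.9 172.16.117.124 25
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306
"""

IP = r"(?:\d{1,3}\.){3}\d{1,3}"
# destination, netmask, gateway (an IP or a localized "On-link" phrase), interface, metric
ROW = re.compile(rf"^\s*({IP})\s+({IP})\s+({IP}|\D+?)\s+({IP})\s+(\d+)\s*$")


def parse_routes(text):
    """Return one dict per IPv4 route row found in `route print` output."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            routes.append({"dest": dest, "mask": mask, "gateway": gw.strip(),
                           "interface": iface, "metric": int(metric)})
    return routes


def check_default_route(text, vpn_interface):
    """Report which default route wins and the commands that restore the tunnel."""
    defaults = [r for r in parse_routes(text)
                if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0"]
    vpn = [r for r in defaults if r["interface"] == vpn_interface]
    if not vpn:
        return {"status": "no-vpn-route", "winner": None, "commands": []}
    best = min(defaults, key=lambda r: r["metric"])
    if best["interface"] == vpn_interface:
        return {"status": "ok", "winner": best["gateway"], "commands": []}
    # A non-VPN default route has the lowest metric: emit the commands from the text.
    cmds = [f"route change 0.0.0.0 mask 0.0.0.0 {r['gateway']} metric 300"
            for r in defaults if r["interface"] != vpn_interface]
    cmds.append(f"route change 0.0.0.0 mask 0.0.0.0 {vpn[0]['gateway']} metric 1")
    return {"status": "bypass", "winner": best["gateway"], "commands": cmds}


if __name__ == "__main__":
    print(check_default_route(SAMPLE, "152.96.240.5"))
```

Pass the VPN adapter's own address (the Interface column, 152.96.240.5 in the tables above) as the second argument; the returned commands still have to be run from an Administrator command line.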
