CMAK and split tunneling trouble.
Hello! I have an ISA server in my corporate network and want to make a CMAK-based file for my customers to connect to our network. With Windows XP and Server 2003 there are no problems with split VPN. I've appended a custom route file to CMAK like this:

ADD 192.168.30.0 MASK 255.255.255.0 172.16.11.1 METRIC default IF default
ADD 172.16.0.0 MASK 255.255.0.0 172.16.11.1 METRIC default IF default
REMOVE_GATEWAY

and all is fine: traffic to corporate networks goes through ISA (172.16.11.1) and all other traffic goes through the client's default gateway. But when I tried to do so with a Win7 box I got fantastic results with a strange error. Here is the config:

Before VPN

C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : WIN-NCSFTL8US34
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-E3-5A-46
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 77.221.144.211(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.192
   Default Gateway . . . . . . . . . : 77.221.144.193
   DNS Servers . . . . . . . . . . . : 77.221.145.226
                                       77.221.145.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\>route print
===========================================================================
Interface List
 11...00 0c 29 e3 5a 46 ......Intel(R) PRO/1000 MT Network Connection
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   77.221.144.193   77.221.144.211    266
   77.221.144.192  255.255.255.192         On-link    77.221.144.211    266
   77.221.144.211  255.255.255.255         On-link    77.221.144.211    266
   77.221.144.255  255.255.255.255         On-link    77.221.144.211    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    77.221.144.211    267
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    77.221.144.211    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0   77.221.144.193  Default
===========================================================================

C:\>nslookup google.com
Server:  ns3.amstelnet.net
Address:  77.221.145.254

Non-authoritative answer:
Name:    google.com
Addresses:  74.125.232.50
          74.125.232.51
          74.125.232.52
          74.125.232.48
          74.125.232.49

C:\>ping google.com

Pinging google.com [74.125.232.51] with 32 bytes of data:
Reply from 74.125.232.51: bytes=32 time=14ms TTL=55
Reply from 74.125.232.51: bytes=32 time=14ms TTL=55
Reply from 74.125.232.51: bytes=32 time=14ms TTL=55
Reply from 74.125.232.51: bytes=32 time=14ms TTL=55

Ping statistics for 74.125.232.51:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 14ms, Average = 14ms

C:\>tracert google.com

Tracing route to google.com [74.125.232.51]
over a maximum of 30 hops:

  1     2 ms     7 ms     5 ms  77.221.144.193.addr.datapoint.ru [77.221.144.193]
  2     *        *        *     Request timed out.
  3    14 ms    14 ms    14 ms  72.14.236.167
  4    14 ms    14 ms    14 ms  74.125.232.51

Trace complete.

After VPN connected

C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : WIN-NCSFTL8US34
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : syndicat.ru

PPP adapter syndicat_network:

   Connection-specific DNS Suffix  . : syndicat.ru
   Description . . . . . . . . . . . : syndicat_network
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.16.11.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 172.16.0.18
   Primary WINS Server . . . . . . . : 172.16.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter LAN:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-E3-5A-46
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 77.221.144.211(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.192
   Default Gateway . . . . . . . . . : 77.221.144.193
   DNS Servers . . . . . . . . . . . : 77.221.145.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\>route print
===========================================================================
Interface List
 21...........................syndicat_network
 11...00 0c 29 e3 5a 46 ......Intel(R) PRO/1000 MT Network Connection
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   77.221.144.193   77.221.144.211   4491
   77.221.144.192  255.255.255.192         On-link    77.221.144.211   4491
   77.221.144.209  255.255.255.255         On-link    77.221.144.211   4236
   77.221.144.211  255.255.255.255         On-link    77.221.144.211   4491
   77.221.144.255  255.255.255.255         On-link    77.221.144.211   4491
        127.0.0.0        255.0.0.0         On-link         127.0.0.1   4531
        127.0.0.1  255.255.255.255         On-link         127.0.0.1   4531
  127.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
       172.16.0.0      255.255.0.0      172.16.11.1      172.16.11.3     28
      172.16.11.3  255.255.255.255         On-link       172.16.11.3    266
     192.168.30.0    255.255.255.0      172.16.11.1      172.16.11.3     28
        224.0.0.0        240.0.0.0         On-link         127.0.0.1   4531
        224.0.0.0        240.0.0.0         On-link    77.221.144.211   4493
        224.0.0.0        240.0.0.0         On-link       172.16.11.3     11
  255.255.255.255  255.255.255.255         On-link         127.0.0.1   4531
  255.255.255.255  255.255.255.255         On-link    77.221.144.211   4491
  255.255.255.255  255.255.255.255         On-link       172.16.11.3    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0   77.221.144.193  Default
===========================================================================

C:\>nslookup google.com
Server:  srv-dc3.syndicat.ru
Address:  172.16.0.18

Name:    google.com
Addresses:  74.125.232.52
          74.125.232.50
          74.125.232.51
          74.125.232.48
          74.125.232.49

C:\>ping google.com
Ping request could not find host google.com. Please check the name and try again.

C:\>tracert google.com
Unable to resolve target system name google.com.

C:\>ping srv-dc3

Pinging srv-dc3.syndicat.ru [172.16.0.18] with 32 bytes of data:
Reply from 172.16.0.18: bytes=32 time=6ms TTL=127
Reply from 172.16.0.18: bytes=32 time<1ms TTL=127

Ping statistics for 172.16.0.18:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 6ms, Average = 3ms
Control-C
^C

C:\>tracert srv-dc3

Tracing route to srv-dc3.syndicat.ru [172.16.0.18]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  SRV-ISA [172.16.11.1]
  2    <1 ms    <1 ms    <1 ms  srv-dc3.syndicat.ru [172.16.0.18]

Trace complete.

What's wrong? What a mess with Win7 split tunneling! How do I fix it? Thanks for any advice!
-=C U=-
July 1st, 2010 2:42pm

up? =)
-=C U=-
July 2nd, 2010 10:12am

any ideas? -=C U=-
July 5th, 2010 9:21am

and up again
-=C U=-
July 6th, 2010 2:01pm

Is it a bug? So let's report it and fix it. Or is it a new "feature"? So let us disable it. It's a mess! -=C U=-
July 6th, 2010 2:02pm

When is this going to be solved? Best Regards, Levente Rog
July 12th, 2010 3:12pm

I have the same issue. It seems to happen when you configure split-DNS. If you use the VPN connection as its default gateway, you don't have this issue. Boudewijn Plomp, BPMi Infrastructure & Security
February 4th, 2011 6:25am
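
Added example (not part of the thread and not code from any poster): a longest-prefix route lookup over the "After VPN connected" route table from the first post, showing which gateway and interface each destination would use. The function names are this example's own, and 192.168.30.10 is a constructed address inside the corporate range.

```python
import ipaddress

# Active IPv4 routes copied from the "After VPN connected" route print in the
# first post (loopback, multicast and broadcast rows omitted).
ROUTE_PRINT = """\
0.0.0.0          0.0.0.0          77.221.144.193  77.221.144.211  4491
77.221.144.192   255.255.255.192  On-link         77.221.144.211  4491
77.221.144.209   255.255.255.255  On-link         77.221.144.211  4236
77.221.144.211   255.255.255.255  On-link         77.221.144.211  4491
172.16.0.0       255.255.0.0      172.16.11.1     172.16.11.3     28
172.16.11.3      255.255.255.255  On-link         172.16.11.3     266
192.168.30.0     255.255.255.0    172.16.11.1     172.16.11.3     28
"""

def parse_routes(text):
    """Turn route-print rows into (network, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # not a route row
    return routes

def lookup(routes, address):
    """Select a route the way an IP stack does: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def egress(address, routes=None):
    """Return (gateway, interface) used to reach address, or None if unroutable."""
    table = routes if routes is not None else parse_routes(ROUTE_PRINT)
    best = lookup(table, address)
    return (best[1], best[2]) if best else None

if __name__ == "__main__":
    # 192.168.30.10 is a constructed sample address; the others appear in the post.
    for target in ("172.16.0.18", "192.168.30.10", "74.125.232.51", "77.221.145.254"):
        print(f"{target:15} -> {egress(target)}")
```

With the posted table, corporate addresses leave via 172.16.11.1 on the VPN interface and 74.125.232.51 leaves via 77.221.144.193 on the LAN, so the routes match the intended split; the `ping` failure shown in the post is reported at name resolution.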

This topic is archived. No further replies will be accepted.
