I've been searching and searching for info on this problem and haven't found anything yet - so I figured I'd go to one of the few places on the internet where technical questions actually get answered.

So, here's the situation. I'm here in my office at work, and I'd like to connect to our webserver - which is hosted downtown - through a VPN. On the webserver side, we have a Cisco PIX501. On my side, I have installed the Cisco Easy VPN client 4.0.1. I thought I had everything configured correctly on both the PIX and in my client, and I can connect to the PIX just fine. The problem is, when I connect to the PIX, I lose my internet/network connection. Basically while connected to the PIX through the VPN client, I can't get anywhere on either my local netywork, the remote network, or out to the internet. And, as soon as I disconnect, my internet/network connection is restored. So, I was hoping that someone here might have set up something similar in the past or could at least just point out where I'm being retarded.

Here's what I have as far as configuration goes.

--------------------------------------------
Here is the 'sh config' section from the pix that is related to the VPN:
--------------------------------------------
access-list inside_outbound_nat0_acl permit ip any 192.168.1.0 255.255.255.224
access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.0 255.255.255.224
ip local pool remote 192.168.1.10-192.168.1.20
nat (inside) 0 access-list inside_outbound_nat0_acl
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup temavpn address-pool remote
vpngroup temavpn dns-server 192.168.1.14 216.243.112.10
vpngroup temavpn default-domain workgroup
vpngroup temavpn idle-time 1800
vpngroup temavpn password ********

--------------------------------------------
Here is the output of ipconfig on my computer after the vpn client is connected (when everything goes broke.) FYI - Local Area Connection 2 shown below is not a second ethernet interface - I only have 1 eth adapter on my computer. As far as I can tell, it is some sort of a pseudo interface that was installed by the Cisco VPN client. It is only enabled while the client is connected.:
--------------------------------------------
C:\Documents and Settings\tsmith>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : TEMA0201
Primary Dns Suffix . . . . . . . : domain.tema
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : workgroup

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connect
ion
Physical Address. . . . . . . . . : 00-07-E9-E3-C4-E1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.108
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.14
DNS Servers . . . . . . . . . . . : 192.168.1.14
209.253.113.10
209.253.113.2
209.253.113.18
Lease Obtained. . . . . . . . . . : Thursday, October 09, 2003 5:00:13 P
M
Lease Expires . . . . . . . . . . : Sunday, October 12, 2003 5:00:13 PM

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : workgroup
Description . . . . . . . . . . . : Cisco Systems VPN Adapter
Physical Address. . . . . . . . . : 00-06-9C-3C-24-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.10
DNS Servers . . . . . . . . . . . : 192.168.1.14
216.243.112.10
--------------------------------------------
So, If anyone can see what's wrong here, I'd appreciate it. If you need more info on my config, let me know and I'll post it.

Thanks All!

- trs

Don't set 192.168.1.1 as a Default Gateway.

Should be 192.168.1.10, but wfaulk is right.

Do a ``route print'' on your PC and see if you have multiple 0.0.0.0 (default) routes or if the one there is the one for your VPN connection. If so, that's probably the problem. Not that I know how to fix it.

Actually, wait. You've got conflicting networking.

Your local IP address is in 192.168.1.x, and so is your VPN network. Where are you getting your local addresses from? See if you can change it to use a different network, like 192.168.2.x, for example.

Do a ``route print'' on your PC and see if you have multiple 0.0.0.0 (default) routes or if the one there is the one for your VPN connection. If so, that's probably the problem. Not that I know how to fix it.

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 e3 b3 d3 ...... Intel(R) PRO/1000 MT Network Connection - Packet
Scheduler Miniport
0xa0004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Scheduler
Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.106 21
0.0.0.0 0.0.0.0 192.168.1.10 192.168.1.10 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.106 192.168.1.106 10
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 1
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.14 255.255.255.255 192.168.1.106 192.168.1.106 1
192.168.1.106 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 10
192.168.1.255 255.255.255.255 192.168.1.106 192.168.1.106 10
216.243.xxx.xx 255.255.255.255 192.168.1.1 192.168.1.106 1
224.0.0.0 240.0.0.0 192.168.1.10 192.168.1.10 10
224.0.0.0 240.0.0.0 192.168.1.106 192.168.1.106 10
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
255.255.255.255 255.255.255.255 192.168.1.106 192.168.1.106 1
Default Gateway: 192.168.1.10
===========================================================================
Persistent Routes:
None

----------------------
There's the route print result. I'm not sure what to make of it. The ip I edited is the ip addy for the pix.

Your local IP address is in 192.168.1.x, and so is your VPN network. Where are you getting your local addresses from? See if you can change it to use a different network, like 192.168.2.x, for example.

Ah, ok, I was wondering that. I can change the pool of IP's that the PIX generates for the VPN connection. I'll try that.

You'll still need to change it so that you don't end up with two default routes. That can't be helping, either. You need, almost certainly, to have the VPN connection give routes for the networks it provides access to (if it's just the one network, you shouldn't need to have is specify any routes at all), but not a default route. Again, exactly how to do this I don't know.

So, from what I gather, it must be a subnet issue. Since both networks are on the same subnet, when I try to connect to both my pc just gets confused as hell. So, when I get home I'm going to try it all out on a network with a different subnet and see what happens.

Thanks for all the help so far!

- trs

Well, again, that's the first problem. The second is the multiple default routes. In some circumstances, multiple default routes are okay, but I seriously doubt that it's okay here.