Category Archives: Cisco


CISCO VPN not working from Home Wifi

Today a new customer of mine complained about his inability to connect to his HQ through a CISCO VPN connection when he goes over his home wifi connection, or over some public or other home wifi hot spots.

Well my answer was rather fast…

The customer's LAN IP addresses are handed out by DHCP from a CISCO 800 family router that spreads a network of

How common….come on!!!!

Most home/SOHO routers use this particular range by default, so the problem and its cause are almost obvious…

Let's take an easy example:

An external client connected through home wifi has a local IP address of and as its gateway.

The user fires up a VPN connection (Cisco/Microsoft/etc.) in order to reach a server inside his corporate network that has an IP of

The client will look for the recipient (the destination address in the packet header) on its own local LAN and not on the other side of the tunnel, because the route for the directly connected subnet is more specific than the default route and therefore wins the lookup (longest-prefix match). That is easy to see if you simply run a route print command in your cmd window.

IPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric 20 On-link 276 On-link 276 On-link 276

The first line says: for any destination, ask your gateway (the default route).

The second says: for any IP address in your own subnet, ASK YOURSELF, NOT THE GATEWAY, i.e. find the recipient server on your own LAN (the On-link entries). Of course the second rule supersedes the first: a more specific prefix always beats the default route, whatever the metrics say.

As you can see, any attempt to reach the remote server will fail even while the VPN is connected: the packet is dropped straight onto the local segment (the host ARPs for the server's address on the home wifi), it never enters the tunnel and never reaches the other end.
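The following is an added example, not code from the original post, that models the route lookup described above with a small longest-prefix-match table. The addresses (a 192.168.1.0/24 home LAN, a 192.168.0.0/16 corporate range pushed into the tunnel, a server at 192.168.1.50) and the interface names wlan0 and vpn0 are constructed placeholders; the post's own addresses did not survive, and real VPN clients install their routes in various ways, so this is a simplified model of the selection rule, not a reproduction of any particular client.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None means "On-link": deliver directly on the segment
    interface: str
    metric: int


def build_table(local_subnet: str, local_gateway: str, vpn_subnets: List[str],
                lan_iface: str = "wlan0", vpn_iface: str = "vpn0") -> List[Route]:
    """Model a host table after the VPN comes up: a default route via the home
    gateway, the home LAN as an On-link route, and the corporate prefixes the
    VPN pushes into the tunnel (constructed, simplified model)."""
    gw = ipaddress.IPv4Address(local_gateway)
    table = [
        Route(ipaddress.IPv4Network("0.0.0.0/0"), gw, lan_iface, 20),
        Route(ipaddress.IPv4Network(local_subnet), None, lan_iface, 276),
    ]
    for subnet in vpn_subnets:
        table.append(Route(ipaddress.IPv4Network(subnet), None, vpn_iface, 2))
    return table


def select_route(table: List[Route], destination: str) -> Route:
    """Longest-prefix match; ties broken by the lowest metric, as Windows and
    Linux do. A more specific prefix wins regardless of metric."""
    dst = ipaddress.IPv4Address(destination)
    candidates = [r for r in table if dst in r.prefix]
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))


def overlapping_corporate_subnets(local_subnet: str, corporate_subnets: List[str]) -> List[str]:
    """Pre-connect check: which corporate prefixes collide with the LAN we are on?"""
    local = ipaddress.IPv4Network(local_subnet)
    return [s for s in corporate_subnets if ipaddress.IPv4Network(s).overlaps(local)]


if __name__ == "__main__":
    corporate = ["192.168.0.0/16"]
    server = "192.168.1.50"

    # Home router hands out the same range the corporate LAN uses.
    bad = build_table("192.168.1.0/24", "192.168.1.1", corporate)
    print("overlap:", overlapping_corporate_subnets("192.168.1.0/24", corporate))
    print("chosen interface with overlapping LAN:", select_route(bad, server).interface)

    # Same VPN, but the home LAN uses a range the company does not.
    good = build_table("172.16.99.0/24", "172.16.99.1", corporate)
    print("overlap:", overlapping_corporate_subnets("172.16.99.0/24", corporate))
    print("chosen interface with distinct LAN:", select_route(good, server).interface)
```

With the overlapping home range, the /24 On-link route beats the /16 tunnel route and the packet stays on wlan0; with a home range that does not collide, the same destination is routed into vpn0. The overlap check is the test a practitioner would run before blaming the VPN.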

The customer has a complete AD inside his corporate LAN and a lot of remote sites around it. Personally I think it was quite stupid to use a common home IP range for this type of network… Now, since I cannot change any of the IP ranges inside the corporate LAN, I have only 2 options:

  1. Visit his house and change the IP range pooled by his home router. Pretend that the problem is fixed and wait until he visits another network with the problematic range (a hotel or another hot spot). Sorry, not my type….
  2. The second option is to chase my NPS (Network Philosopher's Stone), using NAT, other router pools and God help us what else….

Be very cautious in your network designs… Someone in the future may curse you!!!!
