no WWW access when connected to corporate VPN without IE proxy

[sambosoul]

Hello,

I am facing an issue for quite a while now and was hoping that the masterminds here could point me into the right direction.

Currently, I am having the following network setup at home:

Local ISP router (establishes connection the internet)
Asus AC66U with AsusMerlin firmware who servers as the wireless access point.

All devices are connected to the Asus router. When working from home with my work PC I am usually connected to my company network through a Cisco AnyConnect VPN client software. However, when being connected to the corporate VPN I am forced to enter a proxy URL in the IE connection settings in order to access external websites. Without the proxy URL only intranet websites are loading, all external websites are not opening.

Strangely, when switching on the wireless network on my ISP router temporarily, I am able to browse to external websites when being connected to my corporate VPN and even without the proxy URL.

I do not know what is causing the issue but there might be some setting in the Asus router which causes this problem?

I would very much appreciate your feedback on this matter as this has been bugging me for months now.

With Regards,
SamboSoul

 

[ColinTaylor]

Is your work PC normally connected to the Asus with a wired connection of wireless?

 

[sambosoul]

Hello ColinTaylor,

I’m always connected wirelessly.

 

[ColinTaylor]

I’m always connected wirelessly.

OK. I thought it might be the network adaptor priority, but if you're using the same wireless interface to connect to both AP's then it can't be that.

Is your Asus configured in Access Point(AP) mode or Wireless router mode (Default) ?

 

[sambosoul]

Hello Colin,

The Asus router has always been configured in the wireless router mode (default). I am using the Asus router to establish an OpenVPN client connection to a consumer VPN provider for selected clients connected.

 

[ColinTaylor]

The Asus router has always been configured in the wireless router mode (default).

So presumably you have different subnets for the Asus and the ISP router. I would compare the Cisco AnyConnect "Route Details" when connected to each router. Maybe there's an conflict or overlap of the local and remote IP address ranges.

I am using the Asus router to establish an OpenVPN client connection to a consumer VPN provider for selected clients connected.

Presumably your laptop isn't one of the selected OpenVPN clients. Try turning off the OpenVPN client completely and test your Cisco connections again, just in case it's interfering with the routing.

 

[sambosoul]

Hello ColinTaylor,

Apologies for the late response... below are screenshot, first when being connected to the ISP router with an established client VPN connection and then when being connected to the Asus router with an established client VPN connection.

As far as I can see only the server address differs.. although I have connected to the same VPN server.

There's no difference when switching off the OpenVPN client connection.. makes no change unfortunately

 

[ColinTaylor]

What does the "Route Details" tab look like?

 

[sambosoul]

Hello Colin,

Regardless which wireless/router I connect to the "Route Details" within the Cisco AnyConnect client show 0.0.0.0/0 under "Secured Routes (IPv4)

 

[ColinTaylor]

So split tunnelling isn't setup so it shouldn't be possible for the PC to access anything outside the corporate network.

I'm out of ideas really. I would think it has to be something on the PC side, perhaps with Windows' routing and metrics. Possibly the PC is using IPv6 when connected to the ISP router and that takes priority over the VPNs IPv4?

Maybe do a "route print" and "ipconfig /all" from the command line in both circumstances and compare.