Cisco AnyConnect vpn stops internet connection in Windows 8
Solution 1
I´ve seen this is a common error and for those who are still looking for an answer, this is that I did.
I have the Cisco AnyConnect Client on my Windows 10 using split tunneling but with ipv6 disabled. After connecting to the VPN I was losing connectivity to the internet because of a DNS problem. Sniffing the traffic with Wireshark I couldn´t see any DNS traffic coming out of any interface. For some reason, Windows 10 was using IPV6 to connect to the internet and Cisco AnyConnect client likes to dump all IPV6 traffic.
The solution was to disable IPV6 on my interface.
Solution 2
Disable IPv6 on your Microsoft PC under the "Local Area Connection" within "Network and Sharing Center" and get back to me. This has worked on three of our computers all with different OS's.
Related videos on Youtube
Evelyn
Updated on September 18, 2022Comments
-
Evelyn over 1 year
I have a VPN set up through Cisco AnyConnect 3.1.04072 on a Windows 8 laptop. I can connect to the vpn, but as soon as I do, all internet traffic stops. I've been researching for days now and I haven't found a solution. A few suggestions I found included unchecking "Use default gateway on remote network" in properties, updating drivers, and editing a key in regedit.
We have three machines that use AnyConnect (a Mac, a Win7, and my Win8) with the same vpn service and mine is the only one with this problem. Also, it began only a few days ago when Cisco released the 3.1.04072 update.
Here's the configuration...
Windows IP Configuration Ethernet adapter Ethernet 2: Connection-specific DNS Suffix . : studentsolutions.org Description . . . . . . . . . . . : Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Physical Address. . . . . . . . . : 00-05-9A-3C-7A-00 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::dab:ae7:bbd7:359b%50(Preferred) Link-local IPv6 Address . . . . . : fe80::8d58:7076:5587:59b9%50(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.247.152(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.224 Default Gateway . . . . . . . . . : :: 192.168.247.129 DHCPv6 IAID . . . . . . . . . . . : 838862234 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-63-E5-A0-B8-88-E3-EA-82-47 DNS Servers . . . . . . . . . . . : 172.16.1.200 NetBIOS over Tcpip. . . . . . . . : Enabled Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 2230 Physical Address. . . . . . . . . : 60-36-DD-43-86-A4 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::9a9:3e90:9529:a776%38(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.2.106(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Tuesday, December 17, 2013 6:13:47 PM Lease Expires . . . . . . . . . . : Wednesday, December 18, 2013 7:41:12 PM Default Gateway . . . . . . . . . : 192.168.2.1 DHCP Server . . . . . . . . . . . : 192.168.2.1 DHCPv6 IAID . . . . . . . . . . . : 207632093 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-63-E5-A0-B8-88-E3-EA-82-47 DNS Servers . . . . . . . . . . . : 192.168.2.1 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.studentsolutions.org: Connection-specific DNS Suffix . : studentsolutions.org Description . . . . . . . . . . . : Microsoft ISATAP Adapter #13 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::5efe:192.168.247.152%47(Preferred) Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 172.16.1.200 NetBIOS over Tcpip. . . . . . . . : Disabled
Here's what the routing table looks like without the vpn:
IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.106 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.2.106 255.255.255.255 On-link 192.168.2.106 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.2.106 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.2.106 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 16 306 ::/0 On-link 1 306 ::1/128 On-link 16 306 2001::/32 On-link 16 306 2001:0:9d38:6ab8:2892:2af2:3f57:fd95/128 On-link 16 306 fe80::/64 On-link 38 281 fe80::9a9:3e90:9529:a776/128 On-link 16 306 fe80::2892:2af2:3f57:fd95/128 On-link 1 306 ff00::/8 On-link 16 306 ff00::/8 On-link 38 281 ff00::/8 On-link =========================================================================== Persistent Routes: None
And here's what happens after I connect to the vpn:
IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.106 25 0.0.0.0 0.0.0.0 192.168.247.129 192.168.247.152 2 64.111.25.65 255.255.255.255 192.168.2.1 192.168.2.106 26 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.2.1 255.255.255.255 On-link 192.168.2.106 26 192.168.2.106 255.255.255.255 On-link 192.168.2.106 281 192.168.214.0 255.255.255.0 192.168.2.1 192.168.2.106 25 192.168.215.0 255.255.255.0 192.168.2.1 192.168.2.106 25 192.168.216.0 255.255.255.0 192.168.2.1 192.168.2.106 25 192.168.247.128 255.255.255.224 On-link 192.168.247.152 257 192.168.247.152 255.255.255.255 On-link 192.168.247.152 257 192.168.247.159 255.255.255.255 On-link 192.168.247.152 257 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.2.106 281 224.0.0.0 240.0.0.0 On-link 192.168.247.152 257 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.2.106 281 255.255.255.255 255.255.255.255 On-link 192.168.247.152 257 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 192.168.247.129 1 =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 50 41 ::/0 On-link 1 306 ::1/128 On-link 50 296 fe80::/64 On-link 47 306 fe80::5efe:192.168.247.152/128 On-link 38 281 fe80::9a9:3e90:9529:a776/128 On-link 50 296 fe80::dab:ae7:bbd7:359b/128 On-link 50 296 fe80::8d58:7076:5587:59b9/128 On-link 1 306 ff00::/8 On-link 38 281 ff00::/8 On-link =========================================================================== Persistent Routes: None
Pinging the DNS server 172.16.1.200 is unsuccessful. I've tried changing the DNS server in the control panel properties to other things like google's DNS, but the result is the same. All pings fail, as does tracert and nslookup:
>nslookup DNS request timed out. timeout was 2 seconds. Default Server: UnKnown Address: 172.16.1.200
If someone could point me in the right direction I would really appreciate it!
-
Ramhound over 10 yearsHave you tried to roll back the version of the client?
-
Evelyn over 10 yearsYes, it doesn't work because the client updates itself when it connects.
-
Admin about 10 yearsDid u check the ad account is in the security group allowed to connect to the VPN server? Simple test will be to use the ad account on another machine (where the vpn client works) or use another ad account thats is connecting fine with cisco vpn client on another machine.
-
Marek over 9 yearsDid you found the solution for you problem? I have the same on Win 8.1 x64
-
harrymc over 9 yearsPlease comment on the points in the article AnyConnect Support for Windows 8.x. Have you tried AnyConnect 3.1.06073?
-
Squeezy over 9 years"Allow Local LAN Access" per superuser.com/questions/606662/…?
-
Marek over 9 yearsI have the latest version of the client available for installation in my corporate environment - 3.1.4066.0. Answering your question - no, I did not tried installing 3.1.06073 @Squeezy - I think the answer you are linking is related with the older version of Cisco VPN Client
-
Adam Thompson over 9 yearsAre you not able to access the internet through the VPN? Or are you trying to use your local internet connection while connected to the VPN? It may be that your VPN administrator has disabled "split tunnelling". This means that when connected to the VPN, all your traffic goes over the VPN. You won't be able to use your local internet connection, you would need to go through the VPN for internet access.
-
Marek over 9 yearsharrymc - yop, I've checked this site, tried to apply the advice about the registry key fix, but with no luck; other advices in release notes doesn't seem to be applicable for my case
-
-
Evelyn almost 8 yearsSorry, this was so long ago I don't even have AnyConnect installed on my computer anymore, so I can't try your suggestion.