This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.ER605 - VPN passthrough vs one domain
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
I have an unusual issue. My work requires I first connect to the company VPN, and then to a Cisco AnyConnect VPN to access other tools. With the ER605 having VPN passthough on my default, all used to work fine. Then sometime last year, I find that some sites and apps that once worked over AnyConnect no longer do. My solution was to add a second router (A NetGear in this case) that connects to the same ER605. It seems to only fail getting do a small (but important) number of svcs on the work network, and only when AnyConnect is engaged.
I don't do anything special with this ER605 other than assign static IPs on the LAN. I've tried putting the PC in the DMZ without success. Even tried putting the ER605 to factory defaults once, and still no luck. Our engineers didn't have a solution except to suggest adding a second router on the DMZ. The DMZ didn't seem to matter though, I've disabled it and the second router still functions fine.
As I have a working solution, I'm loathe to blame anything outside of my LAN. Typically I'd include all the specs and firmware info, but really I'm just interested in anyone's thoughts on why adding a second router between the PC and ER605 vs a direct connection to the ER605 would be actually be a solution.
Ok, so it's not that easy to figure out. the question is whether you must consult with those who have SSTP and AnyConnect VPN and ask if they can see anything in the logs. on TP-Link there aren't that many logs that can reveal such errors.. possibly play the ball over to TP-Link to hear what they think.
@Clive_A is our man on the forum maybe he knows more.
I also use SSTP which is powered by Intune for our internal resources at work on my home computer but I haven't had any problems with the same as you.
My other VPN to manage remote network run on a cupple of routers in my home and handel this automatic and have nothing to do with SSTP,
so sorry that I cant help you more. I will folow this thread to se if there any solution 
I appreciate your thoughts on that, and now I've got all my devices on latest firmware which I hadn't checked for a while :)
A crude map, but in a nutshell I've got this. The red line is what I'd like to do, and the blue line through the Linksys is my workaround solution.
The Company VPN is setup in Windows: Just an address to connect to, and the details say SSTP and CHAP enabled. That gets me to many of my workplace tool.
However some also require AnyConnect. When I enable that, I can no longer route to the tools that were available with just the first VPN.
My engineering team couldn't figure out why, but recommended adding a second router between the PC and the ER605 (the Linksys). That did work, though I don't know why it does. They also suggested putting it on the ER605's DMZ, but I discovered that wasn't actually necessary to solve the problem.
When I use an AT&T hotspot connected directly to the PC I don't have to use the Linksys at all to access all of the work tools. So the problem seems to be between my PC and the ER605, and the Linksys is apparently correcting whatever routing failings that I have without it.
Over a year ago, this did work normally without needing the Linksys at all. I've tried firmware updates, a factory default reset, and have played with the ER605 VPN features though my knowledge of VPN trobleshooting is at best just making sure I've got the right server and login credentials.
Thank you for giving it some thought. :)
