Comment 2 for bug 124663

Emmet Hikory (persia) wrote :

This is the default behaviour for the commercial Cisco client as well. The reason it is configured in this manner is to prevent external attackers using a (typically poorly secured) external workstation with VPN access to access internal resources. Cisco has a feature in their newer concentrators that allows this behaviour to be disabled for certain groups of users, although I am unsure as to whether vpnc supports this.

The preferred general solution is for the VPN hosting organisation to provide (secured) routing to external resources through the VPN for connected clients, in compliance with the providing organisation's security model.