0

I recently got a new router and it broke my workflow. This is likely a complex problem so please read it thoroughly.

Summary

I have been working on a Netgear Nighthawk R7000 router for a few months. As part of my work I work with many different clients that often require a VPN connection. I also often have multiple PCs in my office. My solution was to use Parsec to RDP into these computers from one central computer to avoid dealing with KVMs etc. The flow is normally:

  1. Connect to WorkComputer on my local network (192.168.1.A) with Parsec.
  2. On WorkComputer connect it to WorkVPN.
  3. Continue on as normal and work A-OK

I then purchased an Asus AX86U-Pro router since my old router was starting to die. After adding this Asus router to my network, and swapping all my devices over to my new network (192.168.50.X), WorkComputer becomes unreachable on my local network as soon as I connect it to the VPN.

If I connect my workstation and WorkComputer to my old router, Parsec works fine both on and off VPN.

Details

I kept my old router on my network to host smart home devices. So my new router has a subnet of 192.168.50.X. I suspect maybe the unusual subnet is on some allow/disallow list? But this occurs on two separate VPN clients so it's either a common security configuration, or not this at all.

Parsec works on both networks if my WorkComputer is not connected to a VPN. And to clarify, I'm RDPing from my workstation into my WorkComputer.

The routing table on my WorkComputer is identical on both networks. It correctly has both the VPN 0.0.0.0 route, and a 0.0.0.0 route via my default gateway (either 192.168.1.0 or 192.168.50.0) depending on the network currently connected. So split brain DNS appears to be fine. This leans me towards an inbound rule?

My VPN software doesn't expose settings for allowing Local LAN connections, however given it works on one router and not the other, I'm guessing that's not the issue.

My modem is a Technicolor CGM4140COM and I cannot change it (ISP registers MAC address) and it does not have an option to operate in modem-only mode. However, given this all works with double NAT on my old router, I have no reason to believe double NAT is the issue here.

All network connections on the old router were public networks. I tried switching things to private and it didn't resolve the issue.

Network Topology

Modem: Technicolor CGM4140COM
Router (old): Netgear Nighthawk r7000
Router (new): Asus AX86U-Pro
Cable internet -- Modem/Router combo unit -- Router(old)
                                          \_ Router(new)

This is like a Y shaped topology with both routers connected to the modem/router combo. See details for why I do not believe double NAT is the issue here.

1 Answer

0

Have you checked that the changes aren't causing the Network Connection Profile to be changed, for instance from Private to Public? I've seen weird situations where that can be caused to change, at which point any Windows Firewall rules that might be in place to allow RDP may no longer be applied if they're only configured on the Private profile.

In a PowerShell window, run:

Get-NetConnectionProfile

on the work machine, on each network, and connected and unconnected to the VPN, and see if it changes. It will show you the available network interfaces and which NetworkCategory is applied to them.

If it has changed, you can change it back using:

Get-NetConnectionProfile -InterfaceAlias "NetworkName" | Set-NetConnectionProfile -NetworkCategory Private -Confirm:$false -PassThru

and see if that resolves the issue.

1
  • Thanks for the suggestion as it's something I hadn't checked before. In all cases (with/without VPN) + (new/old network) on the WorkComputer the network connection was Public. Interestingly enough my OLD ethernet connection on my workstation was private, and the new one public. So I tried swapping it to private. I also tried making all the WorkComputer connections private. The VPN is not public nor private it's DomainAuthenticated. Probably because it's a work VPN. So unfortunately this didn't solve my problem, but was a good suggestion I hadn't tried yet.
    – gjh33
    Commented Apr 28, 2023 at 15:25
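
The check suggested in this answer can be done in one pass by comparing each interface's current network category with the profiles that the relevant inbound firewall rules are scoped to. This is an added example, not code from the answer or the commenter; the display-name patterns `*Parsec*` and `*Remote Desktop*` are assumptions and should be adjusted to whatever the rules are called on the machine.

```powershell
# Added diagnostic sketch. Run on the work machine once off VPN and once on VPN,
# on each network, and compare the output.

# Assumption: the remote-access rules can be found by display name.
$namePatterns = '*Parsec*', '*Remote Desktop*'

# 1. Category currently assigned to each connected interface.
$profiles = Get-NetConnectionProfile
$profiles | Select-Object InterfaceAlias, Name, NetworkCategory | Format-Table -AutoSize

# 2. Enabled inbound allow rules whose display name matches a pattern.
$rules = foreach ($pattern in $namePatterns) {
    Get-NetFirewallRule -DisplayName $pattern -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow'
        }
}
if (-not $rules) { Write-Warning 'No matching enabled inbound allow rules found.' }

# 3. For every interface/rule pair, report whether the rule's profile scope
#    covers the interface's current category.
$report = foreach ($prof in $profiles) {
    $category = [string]$prof.NetworkCategory   # Public, Private or DomainAuthenticated
    # Firewall rules name the domain profile "Domain", not "DomainAuthenticated".
    $fwProfile = if ($category -eq 'DomainAuthenticated') { 'Domain' } else { $category }

    foreach ($rule in $rules) {
        # Rule.Profile is a flags value such as "Domain, Private" or "Any".
        $ruleProfiles = "$($rule.Profile)" -split ',\s*'
        [pscustomobject]@{
            Interface   = $prof.InterfaceAlias
            Category    = $category
            Rule        = $rule.DisplayName
            RuleProfile = "$($rule.Profile)"
            Applies     = ($ruleProfiles -contains 'Any') -or ($ruleProfiles -contains $fwProfile)
        }
    }
}
$report | Sort-Object Interface, Rule | Format-Table -AutoSize
```

A row with `Applies` set to `False` marks a rule that is not in force on that interface under its current category, including a VPN adapter that reports `DomainAuthenticated`.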
