As you can probably tell, it really irks me that such a simple thing is getting in my way.  I keep telling myself there MUST BE A WAY.  It's just networking.  I have Cisco IOS, I have admin credentials for the box at the other end, just no way to get a TCP connection because return traffic is being dropped.

Yeah, thanks for the suggestions but you are right.  If only there were a way to invoke WSH or WMI from the router... ugh.

Other things I've thought of:

There is somewhat of a port of netcat for IOS called IOScat, though it has limited functionality and even still it would be the same as port forwarding.

No return traffic rules out TCP, but UDP should work?  Maybe there's an exploit that can use entirely UDP, sort of like blind sql injection but with packets, lol.

If there was a way of embedding shell + netsh command into a payload, capturing the packets and then replaying them from the router, not sure how to do that though.

No ssh or telnet, but windows file sharing is on.  I was thinking port forwarding, but i think the problem with the gateway still persists since the source addr is not changed, or am I wrong?

There is only one box, so, correct.

No worries, consider this to be a generic remote office setup.  Windows XP box sitting behind a Cisco router, running the most up to date Cisco IOS 15.X.  Users use the system locally as a standalone box.  VPN is for remote training, troubleshooting, administration, updates, etc.  In this case the installer forgot to set that one little setting.....default gw.

You are correct in your understanding, so you know what my problem is.  No gateway = no routing.  One way traffic is fine, but the responses never come back.  I can get to the server from the router itself, as you say.

Interesting dilemma, I don't know if this is possible.

Topology
(corp hq)----{internet}-----[VPN router]-----(windows XP box)

IPSec VPN tunnel is up between remote VPN router and corp HQ.  Windows machine is directly connected to the internal side of the router, but no default gateway is set.

I can SSH into the router and ping the windows box, but cannot ping the windows box directly.

Is there a way to set the gateway FROM the router since that's the only way I can communicate to it?  The alternative is flying to the remote site and setting the gateway.  Ouch.

Any help would be appreciated.  I have tried a few things without success (for example, enable NAT on the router to do translation; does NOT work because the order NAT is applied versus the VPN tunnel).

Hacks are welcome as long as the remote site is recoverable afterward! 

I drive about 1 - 1.5 hours each day, and I listen to a LOTTTTTT of audiobooks.  Plus TWiT if I'm between books.

It looks like you have a lot of answers here, but I'll have a go as well.

I have very recent experience as a Cisco network engineer.  I took the CCNA 802 exam in 2006, it expired, and I just passed the two ICND exams this year (ICND2 passed about 2 months ago).

If your purpose is to work with Cisco long term, do the 2 exams.
If you just want network experience and the cert, do the 1 exam.

The 2 exam route was harder in my opinion than the 1 exam since ICND2 has more questions on harder material (spanning-tree, frame relay, routing protocol details, etc.).

ICND1 was jokingly easy if you know how to subnet.  ICND2 takes subnetting for granted and almost every question has in depth subnet steps to even know what is being asked.

For the 1 exam route, think of half the questions being too easy and the other half being normal, versus 1 test on easy and 1 on hard.  Literally.  I do intend to continue with CCNP/CCIE, so I took the 2 exams, and the extra studying I had to do was worth it for the long run.

As for material, I used Wendell Odom books ICND1/2 kit for kindle.  I tried it, probably won't do it on Kindle again.  It worked out OK for me to use Odom's books because I tend to read the whole book cover to cover, do all the practice questions, then do the practice questions again, then do practice tests.  I know Cisco very well now.  Other books tend to teach to the exam, which is probably fine in your case.  I've been recommended Lammle's books as well, but I have no experience so I can't say one way or the other.

Finally, as for labs, GNS3 will be plenty sufficient for CCNA level studying, if you can get your hands on IOS...

I saw this last week some time, got as far as creating a new Topic here on EH-Net, and then closed it, thinking it didn't deserve the extra attention.

LOL @ hacking that site though, that's pretty funny, not unexpected.

It's funny you should mention a movie.  They talk about that in the interview, how everyone thought they knew the Kevin Mitnick story and nobody wanted "another" movie/book.  Apparently Kevin couldn't tell the story except what was publicly known by court order until something like 2007.  Now that's up, the new book really tells the story.

As for podcast/vidcast, I like to listen in the car on a 45 min commute, so videos are out.  That's why I like TWiT, but as lorddicranius says, sometimes it gets tiring listening to the same people constantly.  I'd like to pick up something else just as a change in scenery, but I've had a hard time finding a good podcast that's technical enough, informative, and not boring.

Hak5 is video only if I'm not mistaken, or at least you need the video to really know what's going on.  Otherwise I'd probably get into it more.

Can you download PaulDotCom podcast without iTunes?  (I can't stand iTunes.)

Wouldn't it figure, twit.tv just changed their site around and now the link is busted.  http://twit.tv/show/triangulation/21

Good to know they're up on youtube as well.

Anyone else a TWiT listener?  I regularly listen to TNT, TWIT, TWIG, sometimes Security Now (but I've gotten a little bored with Steve Gibson), and the Triangulation interviews are pretty cool.

Last week Leo Laporte and Tom Merritt interviewed Kevin Mitnick on their Triangulation podcast.  It wasn't bad, he's a good story teller for sure.  I think it was good timing to promote his newest book Ghost in the Wires.

http://www.twit.tv/tri21

Speaking of exams, I have CEH exam coming up, and I just passed CCNA 2 weeks ago.  I gotta finish CEH quickly too because I have a software engineering class coming up in the fall at the university.

I feel ya..>!!!!! 

Congrats all!!!  This is a really good prize..