[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Multiple connections with VPN needed

Posted on 2002-06-13
3
Medium Priority
?
284 Views
Last Modified: 2010-04-11
Okay, I've seen parts of this posted in other questions but havent been able to put it all together.

I havea cable modem that Im connected to thru a linksys router (dont think thats part of it thou). I have set up a VPN to get into a clients machine. When I connect to the VPN network my normal interent connection is lost. The moment I disconnect from VPN it is restored.

How can I have both? I want to be able to get to lotus notes, email, etc will in the VPN. How can I share?

I have WIn2k.

Thanks
0
Comment
Question by:Oshrin
  • 2
3 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7076005
Here are some relevant comments from a similar Q.

From: mbruner  Date: 06/13/2002 08:25AM PST  
The reason your tracert shows your traffic going through your works Internet connection is that your
VPN has been setup to not allow split tunnelling.  It is done to help insure that someone doesn't bring
unauthorized traffic into the company network through an unsecured Internet connection.  Manually changing
your default gateway could cause your VPN connection to quit functioning or not establish at all.

The first thing to do should be to briefly try playing with your Outlook Express account settings.  
The "550 Relaying to <whoever> prohibited" typically means that your email server requires you to log
in before it will send email for you.  Here is a link to a very brief Q article on Microsoft's web-site
explaining the steps to get this working:

http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q197869&LN=EN-US&rnk=1&SD=tech&FR=0&qry=relaying%20prohibited&src=DHCS_MSPSS_tech_SRCH&SPR=OEX&

There are some ISP's out there that require their email users to access their accounts from a machine
using the ISP's IP address range.  If your VPN connection doesn't allow split tunnelling, then you will
be trying to attach to your email server using your works IP address and not the one the ISP assigned
to you.  This is likely the cause of your problem.  If so, then there isn't a lot you can do other than
disconnect from your VPN session and check your mail.  

I once saw some weird relaying errors with an email server that was caused by the client machine's Internet
domain name being different than what it expected.  It may be possible for a VPN connection to change
your machines Internet domain name (e.g. experts-exchange.com) when setting up system parameters for
the VPN connection.  If the above steps don't would, you could try manually setting your Internet domain
name on your PC.  This typically overrides settings provided by DHCP.  Please note that I have only
seen this once, and I can't remember what email server they were running, so this suggestion is a major
shot in the dark.

My last suggestion would be to call your email provider, or the software company that wrote your email
server.  It is very likely that they have seen this before and could probably have you working in a
matter of minutes.

Hope it helps.  Good luck!  
Comment
From: mbruner  Date: 06/13/2002 08:33AM PST  
Also, to better answer if there is a way around the VPN connection's no-split tunnelling requirement,
it depends on your VPN connection.  If your work uses an enterprise level VPN server / concentrator,
then you probably can't get around it.  You can try changing your default gateway, but I really doubt
it will help.

You could alway try calling your works Network or Security Admins to see if you would allow you to do
split tunnelling.  Don't get your hopes up, but you never know...  

see

http://www.experts-exchange.com/winntnet/Q_20311059.html

I hope this helps !

0
 
LVL 63

Accepted Solution

by:
SysExpert earned 800 total points
ID: 7076018
More info :

From: tmirra
 When connecting thru a VPN is the user able to terminate the VPN client software and still have access    to the internet thru the ISP? Also, and this is more of a legal question but I want to know how other   companies are dealing with this. If the answer to the first part of my question is yes. Then can my     company be held liable for what someone does on the internet, i.e. download pornography? How are other    companies handling this.
                                       
 From: lrmoore            Date: 04/23/2001 06:10PM PST
     Yes. It is called "split tunneling". The simplest way to do it is to un-check the box to "use default gateway on remote network" from the TCP/IP settings when setting up the MSoft VPN (PPTP) client. Other    client software has other methods.

    >can my company be held liable for what someone does on the internet
  Not if you are not providing them Internet access through your corporate Internet connection, but they   are using a dial-up ISP account.
  If you do allow them access, then you should monitor the traffic and immediately fire anyone caught        violating company policies. Having a written policy is the biggest thing you can do to protect yourself.     Create an Internet Usage policy, and have everyone sign a statement to the effect that they have read    and understand..
                                       
  From: lrmoore        Date: 04/23/2001 06:41PM PST
   Not exactly, split-tunneling is where I first open a dial-up (or broadband) connection to the Internet,
     then open a second connection with the VPN client. Any traffic destined to/from the corporate network
       travels through the VPN, but all other normal web traffic bypasses the VPN and goes straight out through
         the ISP. If I don't enable split-tunneling, then when I make the VPN connection, ALL traffic tries to
        go through the tunnel and I will only be able to access the Internet sites allowed by the corporate
         policies enforced by firewalls, proxies, etc.
   Here is some information from several different vendors.

       http://www.nwfusion.com/newsletters/vpn/0823vpn2.html
    http://www.networkcomputing.com/922/922sp2.html
                                         http://www.skystone.com/warp/public/779/largeent/learn/technologies/vpn/ttalk_qna_0600.html
    http://www.infosecuritymag.com/articles/july00/features1b.

I hope this helps !
0
 

Author Comment

by:Oshrin
ID: 7076617
This is the part that worked for me....so simple!

thanks


Yes. It is called "split tunneling". The simplest way to do it is to un-check the box to "use default
                   gateway on remote network" from the TCP/IP settings when setting up the MSoft VPN (PPTP) client. Other
                      client software has other methods.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question