Solved

Multiple connections with VPN needed

Posted on 2002-06-13
3
238 Views
Last Modified: 2010-04-11
Okay, I've seen parts of this posted in other questions but havent been able to put it all together.

I havea cable modem that Im connected to thru a linksys router (dont think thats part of it thou). I have set up a VPN to get into a clients machine. When I connect to the VPN network my normal interent connection is lost. The moment I disconnect from VPN it is restored.

How can I have both? I want to be able to get to lotus notes, email, etc will in the VPN. How can I share?

I have WIn2k.

Thanks
0
Comment
Question by:Oshrin
  • 2
3 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7076005
Here are some relevant comments from a similar Q.

From: mbruner  Date: 06/13/2002 08:25AM PST  
The reason your tracert shows your traffic going through your works Internet connection is that your
VPN has been setup to not allow split tunnelling.  It is done to help insure that someone doesn't bring
unauthorized traffic into the company network through an unsecured Internet connection.  Manually changing
your default gateway could cause your VPN connection to quit functioning or not establish at all.

The first thing to do should be to briefly try playing with your Outlook Express account settings.  
The "550 Relaying to <whoever> prohibited" typically means that your email server requires you to log
in before it will send email for you.  Here is a link to a very brief Q article on Microsoft's web-site
explaining the steps to get this working:

http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q197869&LN=EN-US&rnk=1&SD=tech&FR=0&qry=relaying%20prohibited&src=DHCS_MSPSS_tech_SRCH&SPR=OEX&

There are some ISP's out there that require their email users to access their accounts from a machine
using the ISP's IP address range.  If your VPN connection doesn't allow split tunnelling, then you will
be trying to attach to your email server using your works IP address and not the one the ISP assigned
to you.  This is likely the cause of your problem.  If so, then there isn't a lot you can do other than
disconnect from your VPN session and check your mail.  

I once saw some weird relaying errors with an email server that was caused by the client machine's Internet
domain name being different than what it expected.  It may be possible for a VPN connection to change
your machines Internet domain name (e.g. experts-exchange.com) when setting up system parameters for
the VPN connection.  If the above steps don't would, you could try manually setting your Internet domain
name on your PC.  This typically overrides settings provided by DHCP.  Please note that I have only
seen this once, and I can't remember what email server they were running, so this suggestion is a major
shot in the dark.

My last suggestion would be to call your email provider, or the software company that wrote your email
server.  It is very likely that they have seen this before and could probably have you working in a
matter of minutes.

Hope it helps.  Good luck!  
Comment
From: mbruner  Date: 06/13/2002 08:33AM PST  
Also, to better answer if there is a way around the VPN connection's no-split tunnelling requirement,
it depends on your VPN connection.  If your work uses an enterprise level VPN server / concentrator,
then you probably can't get around it.  You can try changing your default gateway, but I really doubt
it will help.

You could alway try calling your works Network or Security Admins to see if you would allow you to do
split tunnelling.  Don't get your hopes up, but you never know...  

see

http://www.experts-exchange.com/winntnet/Q_20311059.html

I hope this helps !

0
 
LVL 63

Accepted Solution

by:
SysExpert earned 200 total points
ID: 7076018
More info :

From: tmirra
 When connecting thru a VPN is the user able to terminate the VPN client software and still have access    to the internet thru the ISP? Also, and this is more of a legal question but I want to know how other   companies are dealing with this. If the answer to the first part of my question is yes. Then can my     company be held liable for what someone does on the internet, i.e. download pornography? How are other    companies handling this.
                                       
 From: lrmoore            Date: 04/23/2001 06:10PM PST
     Yes. It is called "split tunneling". The simplest way to do it is to un-check the box to "use default gateway on remote network" from the TCP/IP settings when setting up the MSoft VPN (PPTP) client. Other    client software has other methods.

    >can my company be held liable for what someone does on the internet
  Not if you are not providing them Internet access through your corporate Internet connection, but they   are using a dial-up ISP account.
  If you do allow them access, then you should monitor the traffic and immediately fire anyone caught        violating company policies. Having a written policy is the biggest thing you can do to protect yourself.     Create an Internet Usage policy, and have everyone sign a statement to the effect that they have read    and understand..
                                       
  From: lrmoore        Date: 04/23/2001 06:41PM PST
   Not exactly, split-tunneling is where I first open a dial-up (or broadband) connection to the Internet,
     then open a second connection with the VPN client. Any traffic destined to/from the corporate network
       travels through the VPN, but all other normal web traffic bypasses the VPN and goes straight out through
         the ISP. If I don't enable split-tunneling, then when I make the VPN connection, ALL traffic tries to
        go through the tunnel and I will only be able to access the Internet sites allowed by the corporate
         policies enforced by firewalls, proxies, etc.
   Here is some information from several different vendors.

       http://www.nwfusion.com/newsletters/vpn/0823vpn2.html
    http://www.networkcomputing.com/922/922sp2.html
                                         http://www.skystone.com/warp/public/779/largeent/learn/technologies/vpn/ttalk_qna_0600.html
    http://www.infosecuritymag.com/articles/july00/features1b.

I hope this helps !
0
 

Author Comment

by:Oshrin
ID: 7076617
This is the part that worked for me....so simple!

thanks


Yes. It is called "split tunneling". The simplest way to do it is to un-check the box to "use default
                   gateway on remote network" from the TCP/IP settings when setting up the MSoft VPN (PPTP) client. Other
                      client software has other methods.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now