Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 258
  • Last Modified:

Internal clients cannot access Internet when VPN client is connected

We have a Windows 2003 Server running ISA Server 2000 with routing and remote access configured to accept VPN connections.

There is no problem connecting to the network with the VPN client except that once connected the clients on the internal side of the network can no longer access the internet.

As a side note, this "lockup" also freezes the ISA server until such time that the VPN client disconnects.

Once the VPN client has disconnected, all functions return to normal.

This is a dual-homed server utilizing static-ip addressing for the VPN clients.

Any help is most appreciated.
0
BHHanley
Asked:
BHHanley
  • 4
  • 3
1 Solution
 
Tim HolmanCommented:
You need to setup split tunnelling.  This means that the VPN tunnel will only encrypt traffic to and from the remote network, rather than trying to send everything (inc. HTTP) down the same connection.
The 'use default gateway on remote network' tickbox under TCP/IP / Advanced settings is the box that enables/disables split tunnelling.
0
 
Tim HolmanCommented:
This article should fill in the gaps -

http://www.isaserver.org/tutorials/vpnclientsecurity2.html
0
 
BHHanleyAuthor Commented:
I apologize for the delay in responding. The above article did not resolve my situation.

I have asked for this question to be closed.

0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Tim HolmanCommented:
Bhanley - how did you fix it ?
0
 
BHHanleyAuthor Commented:
See the question.
0
 
Tim HolmanCommented:
> See the question.

Sorry - I can't see anywhere how you've resolved this.  This information could be of use to others out there...  :)
0
 
BHHanleyAuthor Commented:
The solution lies in the fact that the VPN client must access the Internet via the local proxy server (in this case the ISA server). The VPN must setup it's Internet connection as a dial-up rather than a LAN connection even though it is accessing the local network via the LAN. This forces the client to use the ISA servers' Internet connection and not the ISP providers connection that the VPN is using to access the local network to surf the internet.

0
 
RomModCommented:
The question has been PAQ'd and the 500 points have been refunded.
RomMod
Community Support Moderator
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now