Solved

Internal clients cannot access Internet when VPN client is connected

Posted on 2004-10-13
9
247 Views
Last Modified: 2010-05-18
We have a Windows 2003 Server running ISA Server 2000 with routing and remote access configured to accept VPN connections.

There is no problem connecting to the network with the VPN client except that once connected the clients on the internal side of the network can no longer access the internet.

As a side note, this "lockup" also freezes the ISA server until such time that the VPN client disconnects.

Once the VPN client has disconnected, all functions return to normal.

This is a dual-homed server utilizing static-ip addressing for the VPN clients.

Any help is most appreciated.
0
Comment
Question by:BHHanley
  • 4
  • 3
9 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12306602
You need to setup split tunnelling.  This means that the VPN tunnel will only encrypt traffic to and from the remote network, rather than trying to send everything (inc. HTTP) down the same connection.
The 'use default gateway on remote network' tickbox under TCP/IP / Advanced settings is the box that enables/disables split tunnelling.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12306603
This article should fill in the gaps -

http://www.isaserver.org/tutorials/vpnclientsecurity2.html
0
 

Author Comment

by:BHHanley
ID: 12353032
I apologize for the delay in responding. The above article did not resolve my situation.

I have asked for this question to be closed.

0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12369077
Bhanley - how did you fix it ?
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:BHHanley
ID: 12372294
See the question.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12380263
> See the question.

Sorry - I can't see anywhere how you've resolved this.  This information could be of use to others out there...  :)
0
 

Author Comment

by:BHHanley
ID: 12381818
The solution lies in the fact that the VPN client must access the Internet via the local proxy server (in this case the ISA server). The VPN must setup it's Internet connection as a dial-up rather than a LAN connection even though it is accessing the local network via the LAN. This forces the client to use the ISA servers' Internet connection and not the ISP providers connection that the VPN is using to access the local network to surf the internet.

0
 

Accepted Solution

by:
RomMod earned 0 total points
ID: 12389455
The question has been PAQ'd and the 500 points have been refunded.
RomMod
Community Support Moderator
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Sometimes, you want your microsoft VPN to route all the traffic to the remote network. Usually your employer network. This makes it possible to access all the nodes inside this remote LAN, even if they have no "public DNS" entries. To do so, you wo…
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now