Internal clients cannot access Internet when VPN client is connected

Posted on 2004-10-13
Last Modified: 2010-05-18
We have a Windows 2003 Server running ISA Server 2000 with routing and remote access configured to accept VPN connections.

There is no problem connecting to the network with the VPN client except that once connected the clients on the internal side of the network can no longer access the internet.

As a side note, this "lockup" also freezes the ISA server until such time that the VPN client disconnects.

Once the VPN client has disconnected, all functions return to normal.

This is a dual-homed server utilizing static-ip addressing for the VPN clients.

Any help is most appreciated.
Question by:BHHanley
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 23

Expert Comment

by:Tim Holman
ID: 12306602
You need to setup split tunnelling.  This means that the VPN tunnel will only encrypt traffic to and from the remote network, rather than trying to send everything (inc. HTTP) down the same connection.
The 'use default gateway on remote network' tickbox under TCP/IP / Advanced settings is the box that enables/disables split tunnelling.
LVL 23

Expert Comment

by:Tim Holman
ID: 12306603
This article should fill in the gaps -

Author Comment

ID: 12353032
I apologize for the delay in responding. The above article did not resolve my situation.

I have asked for this question to be closed.

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

LVL 23

Expert Comment

by:Tim Holman
ID: 12369077
Bhanley - how did you fix it ?

Author Comment

ID: 12372294
See the question.
LVL 23

Expert Comment

by:Tim Holman
ID: 12380263
> See the question.

Sorry - I can't see anywhere how you've resolved this.  This information could be of use to others out there...  :)

Author Comment

ID: 12381818
The solution lies in the fact that the VPN client must access the Internet via the local proxy server (in this case the ISA server). The VPN must setup it's Internet connection as a dial-up rather than a LAN connection even though it is accessing the local network via the LAN. This forces the client to use the ISA servers' Internet connection and not the ISP providers connection that the VPN is using to access the local network to surf the internet.


Accepted Solution

RomMod earned 0 total points
ID: 12389455
The question has been PAQ'd and the 500 points have been refunded.
Community Support Moderator

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Random Terminal Server disconnections. 2 236
Adding VPN user with Cisco RV110W changes IP address 7 87
VPN connect issues 2 57
Objects in Cisco ASA 2 55
I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question