?
Solved

Internet Access after VPN Connection into my network doesn't work

Posted on 2004-12-01
20
Medium Priority
?
327 Views
Last Modified: 2010-04-10

I can create a successfull VPN connection to my network.  I can access my Exchange Server, all the other servers, ping them by name and IP address, but when I try to browse the internet, I always get page can not be displayed.

I do not have a proxy server, but I do have a Cisco Pix Firewall 506.  Is there a rule or something that needs to be setup?  I am baffled.

Randy
0
Comment
Question by:rmefford
  • 8
  • 7
  • 2
17 Comments
 
LVL 2

Expert Comment

by:pcavenue
ID: 12721204
go to the properties of the vpn connection
go to the networking tab
properties of tcpip
advanced
uncheck "use default gateway on remote network"

if you are connected, unconnect, then reconnect

first time, it took me a while to get this one

-dp
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12721278
What VPN client are you using? If Microsoft VPN client, use pcavenue's suggestion above.
If you are using the Cisco VPN client connecting to the PIX 506, then you need to enable split-tunneling on the vpngroup

 access-list split_tunnel permit ip <local lan> <mask> <VPN pool subnet> <mask>
 vpngroup <group> split-tunnel split_tunnel
0
 
LVL 2

Expert Comment

by:pcavenue
ID: 12727920
wow, i thought i had that one, damn im a simpleton, i assumed that randy was using a windows vpn client.  whoops.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 

Author Comment

by:rmefford
ID: 12754583
Okay thanks guys, so far I have only been able to stump this site one time :)  

The answer is I was originally trying to use Microsoft VPN client but wanted to use the Cisco Client, so the tip for the Cisco helped, but both worked.  So I am going to split the points awarded.

Now I have an second question.  I can not access the internet, and the connection works great, but my Exchange users can not connect to Exchange when the VPN connection is connected.  Why would this happen?

Thanks,
Randy
0
 

Author Comment

by:rmefford
ID: 12754618
Sorry above i mean to to say THEY CAN ACCESS THE INTERNET.
0
 

Author Comment

by:rmefford
ID: 12754706
More info, when I try to connect to some network resources, I can not connect by computer name, but can if I connect by IP address, why would this be the case?

Thanks.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12754985
Exchange is a legacy application that requires NetBios and LMHOSTS file will most likely fix it..

LMHOSTS
http://support.microsoft.com/default.aspx?scid=kb;en-us;314884
http://www.realcomputerguy.com/lmhosts.htm
http://www.labmice.net/networking/lmhosts.htm

How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
http://support.microsoft.com/support/kb/articles/Q180/0/94.ASP 
0
 

Author Comment

by:rmefford
ID: 12755031
I appreciate the suggestion, but I don't think that editing 50+ LMHost files for my clients trying to connect is the best solution.  I am certain, that this is a WINS issue, because I can ping by IP address, and it returns the FQDN.  Any other ideas?

I am assigning the WINS server on the VPN server.

Thanks.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12756786
WINS is supposed to be the answer for not having to distribute LMHOSTS files.
However, as a troubleshooting tool, can we try it on one user? All you should need would be the two lines for domain validation, and the exchange server.

If it works, then we have a direction to go to figure out why WINS is not working. Wins should not return a FQDN, it should only return the Netbios name..

This is with WINS resolution:
 C:\WINDOWS>ping tooser
Pinging TOOSER [192.168.122.182] with 32 bytes of data:

 
0
 

Author Comment

by:rmefford
ID: 12757755
Yes, when I update the LMHOST file with 10.1.5.X  <servername> it works.  So now what?  I really don't want to have each of my clients have to update their LMHOST file for this to work.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12758023
Can you post your PIX config, just the "vpngroup GROUP" section? Are you providing the client with the appropriate WINS server IP? Does the client show up as registered with the WINS server after logging on (look in the WINS database)?

0
 

Author Comment

by:rmefford
ID: 12758111
Okay, I am getting the proper WINS server IP through my VPN connection, and DNS server too.  That is why I am so confused.  When I run the IPCONFIG/ALL command it shows me with the correct IP address/WINS/DNS/Domain.  

Your help is appreciated.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12758351
Does the client show up in the WINS server database?
0
 

Author Comment

by:rmefford
ID: 12758483
Yes
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12758704
The only place I would look now is on the WINS server. Here are some good troubleshooting guides from MSoft:

Troubleshooting the Microsoft Computer Browser Service
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b134304
http://support.microsoft.com/default.aspx?scid=kb;en-us;188305
http://support.microsoft.com/default.aspx?scid=kb;en-us;136712
http://support.microsoft.com/default.aspx?scid=kb;en-us;102878

WINS:
http://support.microsoft.com/?kbid=185786
http://www.microsoft.com/ntserver/techresources/commnet/WINS/WINSwp98/WINS02-12.asp

Problems with workgroup networking in XP:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308007

Problems seeing workgroups when connected to a router:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315978

At least we know the LMHOSTS works as a workaround. Any chance you are using login scripts? It would be trivial to push in a script...
0
 

Author Comment

by:rmefford
ID: 12758718
I am not using a logon script, but you have any easy cut and paste that would work, I am all for it :)

Thanks.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 12758804
One more test before we go that way...unfortunately, I'm not a scripter type, but all you really need are the three lines and they'll be the same for everyone.

Try setting your PC's MTU down to 1300 vs the default 1500

MTU and web browsing/email issues-

Outlook connectivity issues:
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b320843
http://www.dslreports.com/faq/2603
http://searchnetworking.techtarget.com/tip/1,289483,sid7_gci850411,00.html

TCP/IP and NBT Configuration Parameters for Windows 2000 or Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;120642

0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering cloud tradeoffs and determining the right mix for your organization.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question