Internet Access after VPN Connection into my network doesn't work


I can create a successfull VPN connection to my network.  I can access my Exchange Server, all the other servers, ping them by name and IP address, but when I try to browse the internet, I always get page can not be displayed.

I do not have a proxy server, but I do have a Cisco Pix Firewall 506.  Is there a rule or something that needs to be setup?  I am baffled.

Randy
rmeffordAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pcavenueCommented:
go to the properties of the vpn connection
go to the networking tab
properties of tcpip
advanced
uncheck "use default gateway on remote network"

if you are connected, unconnect, then reconnect

first time, it took me a while to get this one

-dp
0
lrmooreCommented:
What VPN client are you using? If Microsoft VPN client, use pcavenue's suggestion above.
If you are using the Cisco VPN client connecting to the PIX 506, then you need to enable split-tunneling on the vpngroup

 access-list split_tunnel permit ip <local lan> <mask> <VPN pool subnet> <mask>
 vpngroup <group> split-tunnel split_tunnel
0
pcavenueCommented:
wow, i thought i had that one, damn im a simpleton, i assumed that randy was using a windows vpn client.  whoops.
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

rmeffordAuthor Commented:
Okay thanks guys, so far I have only been able to stump this site one time :)  

The answer is I was originally trying to use Microsoft VPN client but wanted to use the Cisco Client, so the tip for the Cisco helped, but both worked.  So I am going to split the points awarded.

Now I have an second question.  I can not access the internet, and the connection works great, but my Exchange users can not connect to Exchange when the VPN connection is connected.  Why would this happen?

Thanks,
Randy
0
rmeffordAuthor Commented:
Sorry above i mean to to say THEY CAN ACCESS THE INTERNET.
0
rmeffordAuthor Commented:
More info, when I try to connect to some network resources, I can not connect by computer name, but can if I connect by IP address, why would this be the case?

Thanks.
0
lrmooreCommented:
Exchange is a legacy application that requires NetBios and LMHOSTS file will most likely fix it..

LMHOSTS
http://support.microsoft.com/default.aspx?scid=kb;en-us;314884
http://www.realcomputerguy.com/lmhosts.htm
http://www.labmice.net/networking/lmhosts.htm

How to Write an LMHOSTS File for Domain Validation and Other Name Resolution Issues
http://support.microsoft.com/support/kb/articles/Q180/0/94.ASP 
0
rmeffordAuthor Commented:
I appreciate the suggestion, but I don't think that editing 50+ LMHost files for my clients trying to connect is the best solution.  I am certain, that this is a WINS issue, because I can ping by IP address, and it returns the FQDN.  Any other ideas?

I am assigning the WINS server on the VPN server.

Thanks.
0
lrmooreCommented:
WINS is supposed to be the answer for not having to distribute LMHOSTS files.
However, as a troubleshooting tool, can we try it on one user? All you should need would be the two lines for domain validation, and the exchange server.

If it works, then we have a direction to go to figure out why WINS is not working. Wins should not return a FQDN, it should only return the Netbios name..

This is with WINS resolution:
 C:\WINDOWS>ping tooser
Pinging TOOSER [192.168.122.182] with 32 bytes of data:

 
0
rmeffordAuthor Commented:
Yes, when I update the LMHOST file with 10.1.5.X  <servername> it works.  So now what?  I really don't want to have each of my clients have to update their LMHOST file for this to work.
0
lrmooreCommented:
Can you post your PIX config, just the "vpngroup GROUP" section? Are you providing the client with the appropriate WINS server IP? Does the client show up as registered with the WINS server after logging on (look in the WINS database)?

0
rmeffordAuthor Commented:
Okay, I am getting the proper WINS server IP through my VPN connection, and DNS server too.  That is why I am so confused.  When I run the IPCONFIG/ALL command it shows me with the correct IP address/WINS/DNS/Domain.  

Your help is appreciated.
0
lrmooreCommented:
Does the client show up in the WINS server database?
0
rmeffordAuthor Commented:
Yes
0
lrmooreCommented:
The only place I would look now is on the WINS server. Here are some good troubleshooting guides from MSoft:

Troubleshooting the Microsoft Computer Browser Service
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b134304
http://support.microsoft.com/default.aspx?scid=kb;en-us;188305
http://support.microsoft.com/default.aspx?scid=kb;en-us;136712
http://support.microsoft.com/default.aspx?scid=kb;en-us;102878

WINS:
http://support.microsoft.com/?kbid=185786
http://www.microsoft.com/ntserver/techresources/commnet/WINS/WINSwp98/WINS02-12.asp

Problems with workgroup networking in XP:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308007

Problems seeing workgroups when connected to a router:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315978

At least we know the LMHOSTS works as a workaround. Any chance you are using login scripts? It would be trivial to push in a script...
0
rmeffordAuthor Commented:
I am not using a logon script, but you have any easy cut and paste that would work, I am all for it :)

Thanks.
0
lrmooreCommented:
One more test before we go that way...unfortunately, I'm not a scripter type, but all you really need are the three lines and they'll be the same for everyone.

Try setting your PC's MTU down to 1300 vs the default 1500

MTU and web browsing/email issues-

Outlook connectivity issues:
http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b320843
http://www.dslreports.com/faq/2603
http://searchnetworking.techtarget.com/tip/1,289483,sid7_gci850411,00.html

TCP/IP and NBT Configuration Parameters for Windows 2000 or Windows NT
http://support.microsoft.com/default.aspx?scid=kb;EN-US;120642

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.