resolving websites when vpn connection

Posted on 2006-11-03
Last Modified: 2010-04-12
Hello All,

On our work network we have a number of public IP's.  I have placed a Linksys BEFSX41 at one of the public addresses and the other one at home behind another linksys firewall.

I can sucessfully make the vpn tunnel and everything is working fine from the home side of the network.  I have a voip phone that connects perfectly to the ipbx at work, can remote desktop etc perfectly.  here is the problem... once the vpn tunnel is established on the work side of the network local devices can no longer resolve (some) websites.  i can get to etc but not other sites.  https sites seem to work.  what is strange is that it doesn't appear to be a dns issue because even if i go to the ip addresses of the websites they do not appear, can't ping, tracert etc.  I have tried the mtu settings to no avail.  if i disconnect the vpn then the problem dissapears.

i am really confused now.

any help greatly appreciated.

Regards, Charles
Question by:chcalabro
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 77

Expert Comment

by:Rob Williams
ID: 17872934
I assume you are using the Windows VPN and client?  If so, there is a security feature in the VPN client that blocks local connections, including local Internet access, to protect the office/remote network. You can disable this if you wish. To do so on the client/connecting PC, go to:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
You may currently be accessing some sites through the corporate network, and being blocked from others either by corporate restrictions or the corporate DNS configuration.

Expert Comment

ID: 17873880
Hi chcalabro,

You have to configure split horizons feature for your VPN connections.
See if you VPN client has Split Horizons. Also its possible that your office VPN server will not allow you to use Split Horizons.


Author Comment

ID: 17874683
Robwill they are not using the vpn client they are just accessing the internet via the router which is their gateway.  once the home vpn router connects to the office vpn router and the tunnel is established then the pc's on the office side of the network fail to connect to the internet properly.

nitaadmin thanks i will check this although i have not heard of it before.

Thanks for posting!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 77

Expert Comment

by:Rob Williams
ID: 17874815
Sorry I misunderstood. So you are saying that at the main office these users loose access to some web sites when a home user connects via VPN. If so, check that the home user is using a different subnet than the office. For example if the office uses 192.168.1.x then the home site must use something else.If they are the same, it is possible there are some routing conflicts if RRAS is set upon the server.

Author Comment

ID: 17874884
Hi RObwill, the subnet is the same but the office is on a 192.168.1.x range and home is on a 192.168.72.x range does the subnet still need to be different.
LVL 77

Expert Comment

by:Rob Williams
ID: 17875011
Subnet = 192.168.1.x or 192.168.72.x
Subnet mask =
So you are fine. Subnets need to be different but subnet masks can be the same.
It was just a thought.

Author Comment

ID: 17875043
again it is only when the tunnel is established that the connections on the 192.168.1.x range go nowhere, the 192.168.72.x machines are fine.

Accepted Solution

NTJOCK earned 500 total points
ID: 17886928
I'd look at a few things:

1) Try to reduce the number of public IPs.  This makes your routing tables simpler.  May not always be practical.    

2) Examine your routing tables.  It may help to write them down and then "trace" by pencil how a packet would go to the outside world.

3) using tracert, see where the packet is going.  This should match what you see in step 2.  If it doesn't go back to step 2 and figure out why your routing is different then what you expect.

4) Look at your DNS client configuration.  I recommend using either a DNS server, or a single gateway (i.e. firewall) that then uses a couple DNS servers.  

5) NSlookup can be very useful for seeing what your machine is seeing.  Google it for more info on how to use it.

I suspect your routing tables are warped.  You may even have circular routing going on.  For the routers to do their job each IP range has to be unique.  So if home is 192.168.72.x and office is 192.168.1.x and shop is 192.168.3.x you're fine.
but if you try to use 192.168.3.x for shop and home you have an issue if there are two routers there.  The routers will get confused.  It helps to think of a routing table the way you think of a tree, with branches.  A branch can only connect to a higher branch or the trunk.  It shouldn't cross levels and touch multiple branches.  There are ways to make this alot more complicated, but I think for what you are doing and describing it's best to make it work and keep it basic.

Author Comment

ID: 17943093
thanks ntjock, i am giving you the points due to the effort on the comment.  i suspect you are correct and will go down that path.

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question