resolving websites when vpn connection

Posted on 2006-11-03
Medium Priority
Last Modified: 2010-04-12
Hello All,

On our work network we have a number of public IP's.  I have placed a Linksys BEFSX41 at one of the public addresses and the other one at home behind another linksys firewall.

I can successfully make the VPN tunnel and everything is working fine from the home side of the network.  I have a VoIP phone that connects perfectly to the IPBX at work, can remote desktop etc. perfectly.  Here is the problem... once the VPN tunnel is established, on the work side of the network local devices can no longer resolve (some) websites.  I can get to etc but not other sites.  HTTPS sites seem to work.  What is strange is that it doesn't appear to be a DNS issue, because even if I go to the IP addresses of the websites they do not appear, can't ping, tracert etc.  I have tried the MTU settings to no avail.  If I disconnect the VPN then the problem disappears.

i am really confused now.

any help greatly appreciated.

Regards, Charles
Question by:chcalabro

Expert Comment

by:Rob Williams
ID: 17872934
I assume you are using the Windows VPN and client?  If so, there is a security feature in the VPN client that blocks local connections, including local Internet access, to protect the office/remote network. You can disable this if you wish. To do so on the client/connecting PC, go to:
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"
You may currently be accessing some sites through the corporate network, and being blocked from others either by corporate restrictions or the corporate DNS configuration.

Expert Comment

ID: 17873880
Hi chcalabro,

You have to configure the split horizons feature for your VPN connections.
See if your VPN client has Split Horizons. Also, it's possible that your office VPN server will not allow you to use Split Horizons.


Author Comment

ID: 17874683
Robwill they are not using the vpn client they are just accessing the internet via the router which is their gateway.  once the home vpn router connects to the office vpn router and the tunnel is established then the pc's on the office side of the network fail to connect to the internet properly.

nitaadmin thanks i will check this although i have not heard of it before.

Thanks for posting!

Expert Comment

by:Rob Williams
ID: 17874815
Sorry, I misunderstood. So you are saying that at the main office these users lose access to some web sites when a home user connects via VPN. If so, check that the home user is using a different subnet than the office. For example, if the office uses 192.168.1.x then the home site must use something else. If they are the same, it is possible there are some routing conflicts if RRAS is set up on the server.

Author Comment

ID: 17874884
Hi Robwill, the subnet is the same but the office is on a 192.168.1.x range and home is on a 192.168.72.x range. Does the subnet still need to be different?

Expert Comment

by:Rob Williams
ID: 17875011
Subnet = 192.168.1.x or 192.168.72.x
Subnet mask =
So you are fine. Subnets need to be different but subnet masks can be the same.
It was just a thought.

Author Comment

ID: 17875043
again it is only when the tunnel is established that the connections on the 192.168.1.x range go nowhere, the 192.168.72.x machines are fine.

Accepted Solution

NTJOCK earned 1500 total points
ID: 17886928
I'd look at a few things:

1) Try to reduce the number of public IPs.  This makes your routing tables simpler.  May not always be practical.    

2) Examine your routing tables.  It may help to write them down and then "trace" by pencil how a packet would go to the outside world.

3) Using tracert, see where the packet is going.  This should match what you see in step 2.  If it doesn't, go back to step 2 and figure out why your routing is different than what you expect.

4) Look at your DNS client configuration.  I recommend using either a DNS server, or a single gateway (i.e. firewall) that then uses a couple DNS servers.  

5) NSlookup can be very useful for seeing what your machine is seeing.  Google it for more info on how to use it.

I suspect your routing tables are warped.  You may even have circular routing going on.  For the routers to do their job each IP range has to be unique.  So if home is 192.168.72.x and office is 192.168.1.x and shop is 192.168.3.x you're fine.  But if you try to use 192.168.3.x for shop and home you have an issue if there are two routers there.  The routers will get confused.  It helps to think of a routing table the way you think of a tree, with branches.  A branch can only connect to a higher branch or the trunk.  It shouldn't cross levels and touch multiple branches.  There are ways to make this a lot more complicated, but I think for what you are doing and describing it's best to make it work and keep it basic.
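The "trace by pencil" check from step 2 and the unique-range rule above, as an added example that is not part of the original thread. The /24 masks, hop names, default route and the over-broad tunnel entry are constructed assumptions; only the 192.168.x ranges come from the posts.

```python
import ipaddress

# Constructed office-router table (assumed /24 masks and hop names).
OFFICE_ROUTES = [
    ("0.0.0.0/0", "wan"),            # default route to the ISP
    ("192.168.1.0/24", "lan"),       # office LAN
    ("192.168.72.0/24", "tunnel"),   # home LAN reached through the VPN
]
# Hypothetical mistake: the tunnel's remote network entered far too wide,
# so part of the public Internet is pulled into the tunnel.
BROAD_TUNNEL = OFFICE_ROUTES[:2] + [("192.0.0.0/3", "tunnel")]


def next_hop(routes, dest):
    """Longest-prefix match: the rule a router applies to each packet."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def trace(routes, dests):
    """Map each destination to the hop it would leave by."""
    return {d: next_hop(routes, d) for d in dests}


def overlapping_sites(sites):
    """Return pairs of site names whose IP ranges overlap."""
    nets = [(name, ipaddress.ip_network(p)) for name, p in sites.items()]
    conflicts = []
    for i, (a, net_a) in enumerate(nets):
        for b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                conflicts.append((a, b))
    return conflicts


if __name__ == "__main__":
    # Sample destinations (constructed): two public addresses, one per side.
    dests = ["8.8.8.8", "203.0.113.5", "192.168.1.10", "192.168.72.20"]
    print("expected:", trace(OFFICE_ROUTES, dests))
    print("broad   :", trace(BROAD_TUNNEL, dests))
    print(overlapping_sites({"home": "192.168.3.0/24", "shop": "192.168.3.0/24"}))
```

Comparing the two traces against real tracert output (step 3) shows which destinations leave by an unexpected hop.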

Author Comment

ID: 17943093
thanks ntjock, i am giving you the points due to the effort on the comment.  i suspect you are correct and will go down that path.

Question has a verified solution.
