royalcyber
asked on
cannot browse in IE while connected to cisco VPN
I am connected to the vpn of a customer using the cisco vpn client ; when I am connecte dI am not able to browse internet ;any idea why ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
(It could also be down to routing, i.e. the default route is heading through the VPN).
yes, this shoudl be your issue
in modify or properties of your connection entry, go to the Transport tab and at the bottom check off Allow Local LAN Access
tell me if that works
in modify or properties of your connection entry, go to the Transport tab and at the bottom check off Allow Local LAN Access
tell me if that works
That or the administrator is not passing a DNS address when they pass the new IP to you.
That is because your default gateway has been modified to point to the local network to which you are connecting.
So, now if you want to access internet, you need to configuring our browser to use proxy server in the remote network.
To see the changes, do this:
open DOS prompt.
Before connecting VPN.
print route > c:\vpnb.txt
Now connect the vpn.
print route > c:\vpna.txt
Both these files will contain your routing table before and after the VPN is connected.
So, now if you want to access internet, you need to configuring our browser to use proxy server in the remote network.
To see the changes, do this:
open DOS prompt.
Before connecting VPN.
print route > c:\vpnb.txt
Now connect the vpn.
print route > c:\vpna.txt
Both these files will contain your routing table before and after the VPN is connected.
yeah, but he should not use internet access through the end point. he should only be passing LAN traffic through the tunnel. being that he has internet access already there is no sense to browse through the tunnel back out through the enpoints internet access. he should be using his own gateway for standard internet browsing.
he should not have to make any other change but the one i recommended. but lets see what he says
if what i recommended earlier doesnt work, then i would check the cisco endpoint and see if that vpn group is also configured for split tunneling.
http://www.webopedia.com/TERM/S/split_tunneling.html
http://www.webopedia.com/TERM/S/split_tunneling.html
Thats what I was getting at I think (not familiar wit the other end in this case). i.e. if the other end is enforcing such as setting then you can't easily override your end.
ASKER
when i check off Allow Local LAN Access; than I could connect to the yahoo messenger
but still cannot connect to google.com
but still cannot connect to google.com
hate to ask, but did you disconnect the client and then reestablish the vpn connection? and were you able to access the yahoo messanger before the change?
The older Cisco VPN client (around version 4.0.3 if I remember right) had various issues with LAN routing... At least in our environment.
You may want to try updating to the most recent client, if you have not already...
I'm on 4.8.01.0300 with no issues. We had a few clients on the older one with similar issues.
FS-
You may want to try updating to the most recent client, if you have not already...
I'm on 4.8.01.0300 with no issues. We had a few clients on the older one with similar issues.
FS-
Most probably your client has not configured split tunneling on their vpn device.
Yea, it's split tunneling. I don't allow it on my firewall VPN connections. It creates a backdoor to the Internet for network you a VPN'ed into.
So sound like what I said in post #1 then really aside from the specific name of the function - I.e. you are in the hands of the people you are connecting to.
Make your life easier download vmware of virtual pc, bung in a 2000 or XP disc and setup a second OS to run the VPN on your existing machine (2000 uses less memory better if it is limited)
If I was your customer I wouldn't want a foreign network connected directly with mine like this either, it is fairly common practice, in fact on all corporate VPNs I connect to it is the case
Make your life easier download vmware of virtual pc, bung in a 2000 or XP disc and setup a second OS to run the VPN on your existing machine (2000 uses less memory better if it is limited)
If I was your customer I wouldn't want a foreign network connected directly with mine like this either, it is fairly common practice, in fact on all corporate VPNs I connect to it is the case