• Status: Solved

Global VPN Connection Kills Internet Connection

Hey guys,

I've looked this up, but can't seem to find an answer. I've managed to make a successful connection to my TZ170 and connect to my network. Everything works fine on the VPN, but the connection kills my internet connection on the client's computer. I don't know what else to try. I've tried switching on Split Tunneling and still get nothing. Any ideas or suggestions? I really need to get this moving. Please let me know. Thank you!
Asked:
pitsbros
 
from_exp Commented:
Hi there!
The problem should be in split tunneling.
What networks do you negotiate on the remote VPN client?
You should configure it to negotiate only your corporate LAN, like 192.168.1.0/24,
but in your case, when no internet connection is available, you're negotiating 0.0.0.0/0
0
 
ina_don Commented:
OK. How many people are using this setup that you have? I'd think the problem that you are having is with the routes that are being set up once your connection is established. Apart from that, give the IP setup that you have and the network settings that you have. Are you supposed to access the net from your office LAN once you are connected? Is there a specific configuration that is made on your machine?
0
 
pitsbros (Author) Commented:
Here's what I have. I have a Domain network here at work that I am trying to VPN to. I am using SonicWall Global Client to connect via the Sonicwall TZ170 here at the office from a standard Cable/DSL connection at home. Everything on my connection at home is via wireless to a router at home, but all settings are set to automatic. I am the only one trying to connect via the VPN. No other users are attempting connection. I am not trying to access the internet from my LAN via the VPN, I wish to keep my local connection at home while tunneling to the Network at the office and it doesn't seem to be working.
0
 
from_exp Commented:
OK, I got you.
So you have to configure the TZ170 to allow only your work network (local protected network) to your home tunnel,
and then you have to configure the VPN client to access only your work network remotely.
That's it.
If you have a VPN client without any settings (e.g. all settings are configured on the VPN gateway only and the client works according to those settings), then you have to add the local protected network on your TZ170.
0
 
pitsbros (Author) Commented:
Not sure what you're saying...

I thought I had everything already configured.
0
 
from_exp Commented:
Here is the manual:
http://www.sonicwall.com/downloads/SonicOS_Enhanced_3.1_Administrators_Guide.pdf

Page 298.
You have to configure split tunneling on your router.
0
 
pitsbros (Author) Commented:
Split Tunneling was selected on the policy in the Firewall and it's not working.
0
 
from_exp Commented:
Is that policy active?
What type of VPN client do you have on your Windows XP?
0
 
pitsbros (Author) Commented:
I'm using SonicWall Global VPN Client. Latest version. And yes, the policy is active. It's the only one there.
0
 
ina_don Commented:
Is it possible for you to post the config file that you exported from your Sonic and used to configure your client? I'm hoping that it's some kind of text file that we can quickly look at and advise. I'd say remove the private info by altering it reasonably to continue to convey the message without giving away your actual config... say if your IP is 169.254.192.200, change it to say 199.143.223.66 [I wonder whose IP is that - sorry] and whatever can be changed or removed without obscuring the point.
0
 
pitsbros (Author) Commented:
Doesn't look like it. All I can do is export an EXP file from the Sonicwall and that's it. Don't know what you can read it with... Should I take screen shots of the 4 pages of the VPN Policy Config?
0
 
from_exp Commented:
Remove "Set Default Route as this Gateway".
0
 
ina_don Commented:
On the client try removing the set default route as this gateway option and see if that helps you.

See if you can open that exp file with notepad.
0
 
pitsbros (Author) Commented:
Setting Default Route as this Gateway did not help. VPN works great, just can't get internet...oye!

Can't open EXP file with notepad. Just a bunch of garbled text.
0
 
from_exp Commented:
VPN terminated at LAN/OPT?
BTW, if you check Apply NAT and Firewall Rules you'll be able to access the internet, but via your SonicWall ;)
Sometimes abroad traffic from your company is better ;)
0
 
ina_don Commented:
oops I didn't refresh before I responded so it'd seem we had the same idea there from_exp
0
 
from_exp Commented:
Here is a part from the manual I have mentioned before:

• Allow Connections to - Client network traffic matching destination networks of each gateway is sent through the VPN tunnel of that specific gateway.
  • This Gateway Only - Allows a single connection to be enabled at a time. Traffic that matches the destination networks as specified in the policy of the gateway is sent through the VPN tunnel. If this option is selected along with Set Default Route as this Gateway, then the Internet traffic is also sent through the VPN tunnel. If this option is selected without selecting Set Default Route as this Gateway, then the Internet traffic is blocked.
  • All Secured Gateways - Allows one or more connections to be enabled at the same time. Traffic matching the destination networks of each gateway is sent through the VPN tunnel of that specific gateway. If this option is selected along with Set Default Route as this Gateway, then Internet traffic is also sent through the VPN tunnel. If this option is selected without Set Default Route as this Gateway, then the Internet traffic is blocked. Only one of the multiple gateways can have Set Default Route as this Gateway enabled.
  • Split Tunnels - Allows the VPN user to have both local Internet connectivity and VPN connectivity.
• Set Default Route as this Gateway - Enable this check box if all remote VPN connections access the Internet through this VPN tunnel. You can only configure one VPN policy to use this setting.
0
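Added example, not part of the original thread and not SonicWall code: a simplified Python model of the client behaviour quoted from the manual above, and of the earlier comment about negotiating 0.0.0.0/0 instead of only the corporate LAN. The function names and the two probe addresses are assumptions made for illustration.

```python
import ipaddress

# Simplified model of the client-side behaviour quoted from the manual.
# All names are hypothetical; this is not SonicWall code.
THIS_GATEWAY_ONLY = "This Gateway Only"
ALL_SECURED_GATEWAYS = "All Secured Gateways"
SPLIT_TUNNELS = "Split Tunnels"


def client_path(dest, destination_networks, allow_connections_to,
                default_route_as_gateway=False):
    """Return 'tunnel', 'local' or 'blocked' for one destination IP."""
    addr = ipaddress.ip_address(dest)
    nets = [ipaddress.ip_network(n) for n in destination_networks]
    if any(addr in net for net in nets):
        return "tunnel"      # matches a negotiated destination network
    if default_route_as_gateway:
        return "tunnel"      # everything else is also sent to the gateway
    if allow_connections_to == SPLIT_TUNNELS:
        return "local"       # non-matching traffic keeps the home uplink
    return "blocked"         # manual: "the Internet traffic is blocked"


def audit_policy(destination_networks, allow_connections_to,
                 default_route_as_gateway=False):
    """Summarise a policy: where do office and Internet traffic end up?"""
    # Constructed probe addresses: one office host, one public host.
    office = client_path("192.168.1.10", destination_networks,
                         allow_connections_to, default_route_as_gateway)
    internet = client_path("203.0.113.7", destination_networks,
                           allow_connections_to, default_route_as_gateway)
    covers_all = any(ipaddress.ip_network(n).prefixlen == 0
                     for n in destination_networks)
    return {"office": office, "internet": internet,
            "negotiates_everything": covers_all}


if __name__ == "__main__":
    lan = ["192.168.1.0/24"]  # corporate LAN example from the thread
    for label, args in [
        ("this gateway only, no default route", (lan, THIS_GATEWAY_ONLY, False)),
        ("this gateway only + default route", (lan, THIS_GATEWAY_ONLY, True)),
        ("split tunnels", (lan, SPLIT_TUNNELS, False)),
        ("0.0.0.0/0 negotiated", (["0.0.0.0/0"], SPLIT_TUNNELS, False)),
    ]:
        print(label, "->", audit_policy(*args))
```

When Internet traffic lands in the tunnel, whether it then reaches the Internet depends on what the gateway does with it, which this model does not cover.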
 
ina_don Commented:
When you made the changes, did you export a new exp file to reconfigure your client? That's after removing the set default route as this gateway? Coz I think from the manual that's what you need to get that internet working. Reboot the machine as well just to ensure that everything is fine.
0
 
pitsbros (Author) Commented:
I think at this point accessing the Internet from my company would work better. What should I change from the settings you see on the pages I posted?
0
 
from_exp Commented:
Page 3: Apply NAT and Firewall Rules - on
VPN terminated at LAN/OPT (try LAN also, not sure about this option)
Page 4: Allow Connections to This Gateway Only + switch on Set Default Route as this Gateway

Should work perfectly.
0
 
pitsbros (Author) Commented:
OK. I will try it and test it from home. I don't think there's a way to test it from inside the network is there?
0
 
from_exp Commented:
You can test it from the office also.
Make a VPN connection (to the WAN IP of your SonicWall) and test the internet.
If you have it, then everything is OK.
0
 
pitsbros (Author) Commented:
Cool. I'll try and let you know. Thank you!
0
 
pitsbros (Author) Commented:
What IP should be in the box on Page 3? Same as there? That's the firewall...
0
 
pitsbros (Author) Commented:
I can't apply NAT and Firewall Rules while Default Gateway is enabled...gives me this error...

Error: Cannot Apply NAT and Firewall rules while Default Lan Gateway is set
0
 
from_exp Commented:
OK, so you don't need NAT, it will do box by default
0
Question has a verified solution.
