Solved

Global VPN Connection Kills Internet Connection

Posted on 2007-12-03
Last Modified: 2013-11-16
Hey guys,

I've looked this up, but can't seem to find an answer. I've managed to make a successful connection to my TZ170 and connect to my network. Everything works fine on the VPN, but the connection kills my internet connection on the client's computer. I don't know what else to try. I've tried switching on Split Tunneling and still get nothing. Any ideas or suggestions? I really need to get this moving. Please let me know. Thank you!
0
Question by:pitsbros
 
LVL 21

Expert Comment

by:from_exp
ID: 20401226
Hi there!
The problem should be in split tunneling.
What networks do you negotiate on the remote vpn client?
You should configure to negotiate only your corporate lan like 192.168.1.0/24
but in your case, when no internet connection available you're negotiating 0.0.0.0/0
0
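An added example, not part of the original thread: a longest-prefix-match check over two constructed client routing tables, showing where Internet and corporate traffic leave the machine when only 192.168.1.0/24 is negotiated versus when 0.0.0.0/0 is. The interface names, metrics, home subnet 10.0.0.0/24 and gateway address 203.0.113.10 are assumptions for illustration.

```python
import ipaddress

# Constructed tables: (prefix, interface, metric). Not taken from a real client.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "wifi", 25),        # home router keeps the default route
    ("10.0.0.0/24", "wifi", 25),      # home LAN (assumed)
    ("192.168.1.0/24", "vpn", 1),     # only the corporate LAN is negotiated
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "wifi", 25),
    ("0.0.0.0/0", "vpn", 1),          # 0.0.0.0/0 negotiated: tunnel wins on metric
    ("203.0.113.10/32", "wifi", 25),  # host route so tunnel packets reach the gateway
    ("10.0.0.0/24", "wifi", 25),
    ("192.168.1.0/24", "vpn", 1),
]

def pick_route(routes, dest):
    """Return the egress interface: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), iface, metric)
               for p, iface, metric in routes
               if ip in ipaddress.ip_network(p)]
    if not matches:
        return None  # no route at all: traffic is dropped
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def audit(routes, corporate, vpn_if="vpn"):
    """Summarise which traffic the tunnel carries beyond the corporate networks."""
    corp = [ipaddress.ip_network(c) for c in corporate]
    extra = [p for p, iface, _ in routes
             if iface == vpn_if
             and not any(ipaddress.ip_network(p).subnet_of(c) for c in corp)]
    return {
        # 198.51.100.7 stands in for any public Internet host
        "internet_via": pick_route(routes, "198.51.100.7"),
        "corporate_via": pick_route(routes, str(corp[0].network_address + 10)),
        "non_corporate_vpn_routes": extra,
    }

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(name, audit(table, ["192.168.1.0/24"]))
```

With the split table, Internet traffic stays on the local interface and bypasses the office firewall; with the full table it is carried through the tunnel and is subject to the office firewall's rules.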
 
LVL 5

Expert Comment

by:ina_don
ID: 20401301
OK. How many people are using this setup that you have? I'd think the problem that you are having is with the routes that are being set up once your connection is established. Apart from that, give the IP setup that you have and the network settings that you have. Are you supposed to access the net from your office LAN once you are connected? Is there a specific configuration that is made on your machine?
0
 

Author Comment

by:pitsbros
ID: 20402767
Here's what I have. I have a Domain network here at work that I am trying to VPN to. I am using SonicWall Global Client to connect via the Sonicwall TZ170 here at the office from a standard Cable/DSL connection at home. Everything on my connection at home is via wireless to a router at home, but all settings are set to automatic. I am the only one trying to connect via the VPN. No other users are attempting connection. I am not trying to access the internet from my LAN via the VPN, I wish to keep my local connection at home while tunneling to the Network at the office and it doesn't seem to be working.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20402877
OK, I got you.
So you have to configure the TZ170 to allow only your work network (local protected network) to your home tunnel,
and then you have to configure the VPN client to access only your work network remotely.
That's it.
If you have a VPN client without any settings (e.g. all settings are configured on the VPN gateway only and the client works according to those settings), then you have to add the local protected network on your TZ170.
0
 

Author Comment

by:pitsbros
ID: 20403053
Not sure what you're saying...

I thought I had everything already configured.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20403362
here is manual:
http://www.sonicwall.com/downloads/SonicOS_Enhanced_3.1_Administrators_Guide.pdf

page 298
you have to configure split tunneling on your router
0
 

Author Comment

by:pitsbros
ID: 20404034
Split Tunneling was selected on the policy in the Firewall and it's not working.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20404580
is that policy active?
what type of vpn client do you have on your windows xp?
0
 

Author Comment

by:pitsbros
ID: 20404593
I'm using Sonicwall Global VPN Client. Latest version. and Yes, the policy is active. It's the only one there.
0
 
LVL 5

Expert Comment

by:ina_don
ID: 20404651
Is it possible for you to post this config file that you exported from your Sonic and used to configure your client? I'm hoping that it's some kind of text file that we can quickly look at and advise. I'd say remove the private info by altering it reasonably to continue to convey the message without giving away your actual config... say if your IP is 169.254.192.200 change it to say 199.143.223.66 [I wonder whose IP is that - sorry] and whatever can be changed or removed without obscuring the point.
0
 

Author Comment

by:pitsbros
ID: 20404734
Doesn't look like it. All I can do is export an EXP file from the Sonicwall and that's it. Don't know what you can read it with... Should I take screen shots of the 4 pages of the VPN Policy Config?
0
 

Author Comment

by:pitsbros
ID: 20404830
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20405293
remove set default route as this gateway
0
 
LVL 5

Expert Comment

by:ina_don
ID: 20405329
On the client try removing the set default route as this gateway option and see if that helps you.

See if you can open that exp file with notepad.
0
 

Author Comment

by:pitsbros
ID: 20405433
Setting Default Route as this Gateway did not help. VPN works great, just can't get internet...oye!

Can't open EXP file with notepad. Just a bunch of garbled text.
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20405483
vpn terminate at lan/opt?
btw, if you'll check apply nat and firewall rules you'll be able to access the internet, but via your sonicwall ;)
sometimes abroad traffic from your company is better ;)
0
 
LVL 5

Expert Comment

by:ina_don
ID: 20405561
oops I didn't refresh before I responded so it'd seem we had the same idea there from_exp
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20405582
Here is a part from the manual I mentioned before:

- Allow Connections to - Client network traffic matching destination networks of each gateway is sent through the VPN tunnel of that specific gateway.
  - This Gateway Only - Allows a single connection to be enabled at a time. Traffic that matches the destination networks as specified in the policy of the gateway is sent through the VPN tunnel. If this option is selected along with Set Default Route as this Gateway, then the Internet traffic is also sent through the VPN tunnel. If this option is selected without selecting Set Default Route as this Gateway, then the Internet traffic is blocked.
  - All Secured Gateways - Allows one or more connections to be enabled at the same time. Traffic matching the destination networks of each gateway is sent through the VPN tunnel of that specific gateway. If this option is selected along with Set Default Route as this Gateway, then Internet traffic is also sent through the VPN tunnel. If this option is selected without Set Default Route as this Gateway, then the Internet traffic is blocked. Only one of the multiple gateways can have Set Default Route as this Gateway enabled.
  - Split Tunnels - Allows the VPN user to have both local Internet connectivity and VPN connectivity.
- Set Default Route as this Gateway - Enable this check box if all remote VPN connections access the Internet through this VPN tunnel. You can only configure one VPN policy to use this setting.
0
 
LVL 5

Expert Comment

by:ina_don
ID: 20405656
When you made the changes, did you export a new exp file to reconfigure your client? That's after removing the set default route as this gateway? Coz I think from the manual that's what you need to get that internet working. Reboot the machine as well just to ensure that everything is fine.
0
 

Author Comment

by:pitsbros
ID: 20406153
I think at this point accessing the Internet from my company would work better. What should I change from the settings you see on the pages I posted?
0
 
LVL 21

Accepted Solution

by:
from_exp earned 500 total points
ID: 20406204
page 3: apply nat and firewall - on
vpn terminated at lan/opt (try lan also, not sure about this option)
page 4: allow connections to this gateway only + switch on set default route as this gateway

should work
perfectly
0
 

Author Comment

by:pitsbros
ID: 20406256
OK. I will try it and test it from home. I don't think there's a way to test it from inside the network is there?
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20406300
You can test it from the office also.
Make a VPN connection (to the WAN IP of your SonicWall) and test the internet.
If you have it, then everything is OK.
0
 

Author Comment

by:pitsbros
ID: 20406342
Cool. I'll try and let you know. Thank you!
0
 

Author Comment

by:pitsbros
ID: 20406390
What IP should be in the box on Page 3? Same as there? That's the firewall...
0
 

Author Comment

by:pitsbros
ID: 20406431
I can't apply NAT and Firewall Rules while Default Gateway is enabled...gives me this error...

Error: Cannot Apply NAT and Firewall rules while Default Lan Gateway is set
0
 
LVL 21

Expert Comment

by:from_exp
ID: 20406502
ok, so you don't need nat it will do box by default
0
