johndl

VPN Problem

I have Windows XP VPN set up to access my network at work [gateway 192.168.23.1] from my network at home [gateway 192.168.0.1].  I have a DLink DSL524T router  at work, which allows VPN and the relevant forwarding is set up OK to the required PC, which is on 192.168.23.10.  I have set up this PC to accept incoming calls and the VPN opens and authenticates OK.  Both machines are running Windows XP SP3.

When the VPN is connected, I cannot access my local network or internet.  I am aware that this is a common problem and I have unticked the "use default gateway" box in the advanced TCP/IP settings, but I still have no access to either local network or internet.  The strange thing about all this is that I did not have this problem until I replaced the PCs, which were running Windows XP Pro SP2, because I needed faster machines.

Can anyone advise how I can retain local network access?

Regards
MikeKane

You are correct.   Once the VPN is established all traffic is sent via the gateway to the remote corp network.  

You have basically 2 options.  
#1 Split tunneling: http://www.redline-software.com/eng/support/articles/isaserver/security/remote_access_vpn_and_a_twist_on_the_dangers_of_split_tunneling.php

#2 Uncheck the default gateway and add routes to the specific machines or subnets to access. http://www.eggheadcafe.com/software/aspnet/33840056/cannot-ping-within-local.aspx

Hope that helps.
johndl

ASKER

MikeKane

Thanks for your quick response - I'll try these and get back to you.

Do you know why I had no problem doing this when I used XP Pro with SP2?

Regards
Not sure.  Check that the XP firewall isn't interfering.  Maybe the original config had this setup with static routes on its local routing table.   Can't really say, I'm just guessing without comparing the 2 configs.
johndl

ASKER

MikeKane

I've been looking at your options and I'm afraid I'm somewhat mystified.  Option #1 seems to be saying that unticking the "Use default gateway on remote network" tickbox, or am I missing something?  This does not appear to work in my case.

Option #2 requires routing.  If I supply the output of ipconfig /all for both the VPN & non-VPN cases, can you give me more guidance on how to do this routing?

Incidentally, I have just set up the VPN to my works PC from my laptop, networked to my home network and running XP SP2 Home.  This works fine with no problem at all in accessing the local network simultaneously with the VPN linked.

Help!!

Well, if your laptop worked from home with local LAN access and remote access working with the exact same VPN config, then I think we can rule out the VPN config.  Let's instead look at the PC you are using with the issue.  Check for the Windows firewall, disable for testing.  Look for other 3rd party security products (i.e. comodo, zone alarm) and disable or remove temporarily for testing.  I assume that the trouble PC can access the local LAN without issue when the VPN is not connected?
johndl

ASKER

Hi

The Windows firewall is disabled anyway.  I use NAV and have now tried disabling everything on that I can find, but to no effect.  The local PC can access the local LAN with no problem when the VPN is not connected.
ASKER CERTIFIED SOLUTION
MikeKane
johndl

ASKER

MikeKane

I must apologise, I have given you some wrong information.  I now discover that the laptop is not maintaining connection to the LAN when VPN is connected.  When I first connected, it did work OK, but I now note that the local connection is lost.  I'm not sure why the connection apparently worked to start with.

Regards
johndl

ASKER

MikeKane

I attach a file with ipconfig /all from the PC
1 without VPN
2 with VPN

This is followed by a Route print
1 without VPN
2 with VPN

Can you advise which traceroute you recommend?

Regards

diag.txt
If I understood, connecting to the VPN initially works to both the remote site and local LAN, then eventually fails to the local LAN when using the laptop.  Is that correct?

If yes, please check on the trouble PC to see if you have the same symptom.  

The diag file is missing some items.  Can you provide:
1) IPconfig /all from the laptop
2) ipconfig /all from the PC
3) route print   from the laptop when not connected
4) route print   from the laptop while connected
5) route print    from the pc when not connected
6) route print    from the pc while connected.

traceroute <ip address>  
from each machine to another machine on the local lan.    You can even traceroute from pc to laptop if you like.....  

johndl

ASKER

MikeKane

The diag.txt file supplied has the following in order

ipconfig /all PC not connected
ipconfig /all PC VPN'd
route print PC not connected
route print PC VPN'd

I attach an additional file for the laptop - same configurations

ipconfig /all laptop not connected
ipconfig /all laptop VPN'd
route print laptop not connected
route print laptop VPN'd

I now find that the laptop loses access to the local LAN almost immediately, but it continues internet connection for some time.

Regards
laptop.txt
The output is still missing the ipconfig all....  I'm looking for IP, subnet, dhcp, gateway, dns, wins, hostname for each installed adapter.    
johndl

ASKER

MikeKane

Sorry, but I'm not sure how to get this. I'm running ipconfig /all  then route print into the files sent.

How else can I do this?

Can you also advise which traceroute software you recommend - I don't have a copy.

Regards
johndl

ASKER

MikeKane

I realised after the above exchange that I have an additional VPN connection from my home machine to another company site and I found that when I connected that VPN, I had no problems with accessing the local network or the internet.  I compared both VPNs at my location and they were set up the same.  I then looked at the route print for both connections and found that the VPN to my work PC was not routing to that network at all, whereas the route print from the company VPN had several references to their local network.

I logged on to my work PC by RDP and changed the TCP/IP assignment from "automatic", which I assume must be the default,  to specific IP addresses on the works network.  I can now connect the VPN and access my local network & internet without problem.  The route print clearly shows references to the works network.

I'm not sure why setting up the 'incoming connection' defaults to "automatic".  Is this a change perhaps in SP3?

Many thanks for your help, with suggestions about the route print, which helped me to get the solution.  I  should like to award you the points.
johndl

ASKER

Thanks a lot - I learn something new every day!
I use my Windows XP SP2 machine all of the time to make a VPN connection to a machine running RRAS at our office.  I do uncheck the box labeled "use remote gateway" in the TCP/IP Advanced settings.  This split tunnels just fine all of the time.  I tried once to put Windows XP SP3 on my laptop.  The ISP where I was connected at the time told me that their system was dropping the connection because it was receiving packets destined to internal addresses at our office; in other words the Windows XP SP3 incorrectly routes packets meant for the tunnel to the internet instead.  I used the system restore to put my laptop back on Windows XP SP2 and the problem immediately was gone.
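
The route-table comparison that resolved this thread (and the leak described in the last post), as an added example that is not part of the original posts: it parses `route print` output and reports which interface a destination would leave by, so traffic meant for the tunnel that would go out the LAN default gateway is caught before it is sent. Both tables are constructed for illustration; only the gateway 192.168.0.1 and the work PC 192.168.23.10 come from the thread, and the client addresses 192.168.0.5, 169.254.10.2 and 192.168.23.51 are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    interface: str
    metric: int

def parse_route_print(text: str) -> list:
    """Extract IPv4 rows (destination, netmask, gateway, interface, metric)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # banners, column header, interface list
        try:
            prefix = bin(int(ipaddress.IPv4Address(f[1]))).count("1")
            net = ipaddress.ip_network(f"{f[0]}/{prefix}", strict=False)
        except ValueError:
            continue
        routes.append(Route(net, f[2], f[3], int(f[4])))
    return routes

def select_route(routes, dst: str) -> Optional[Route]:
    """Longest-prefix match; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r.network]
    return max(hits, key=lambda r: (r.network.prefixlen, -r.metric)) if hits else None

def uses_tunnel(routes, dst: str, vpn_if: str) -> bool:
    """True when dst would leave through the VPN interface address vpn_if."""
    route = select_route(routes, dst)
    return route is not None and route.interface == vpn_if

# Constructed tables: BEFORE has no route covering the work subnet,
# AFTER has one on the VPN interface (assumed client address 192.168.23.51).
HEADER = "Network Destination        Netmask          Gateway       Interface  Metric\n"
BEFORE = parse_route_print(HEADER + """\
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.5      20
      169.254.0.0      255.255.0.0     169.254.10.2    169.254.10.2       1
      192.168.0.0    255.255.255.0      192.168.0.5     192.168.0.5      20
""")
AFTER = parse_route_print(HEADER + """\
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.5      20
      192.168.0.0    255.255.255.0      192.168.0.5     192.168.0.5      20
     192.168.23.0    255.255.255.0    192.168.23.51   192.168.23.51       1
""")
```

With the BEFORE table, `select_route(BEFORE, "192.168.23.10")` falls through to the default route on the LAN adapter, which is the condition where packets for the office leave unencrypted towards the ISP.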