Solved

Unable to Connect to Website over VPN

Posted on 2009-07-07
Last Modified: 2013-12-08
We have a bit of a puzzler.

We have an end user, working remotely from home, who is unable to connect to a particular website when she is on our VPN.

The user system specs are: Windows XP SP 3, IE 8. She is on Cisco VPN Client 5.0.02.0090.

She can get to the website when she is not on the VPN. We were able to get to the website over our normal network connection, and over the VPN from our corporate location.

Any suggestions? (Other than having the user access the website off of the VPN?)
Question by:KIP Help
18 Comments
 

Expert Comment

by:fa2lerror
ID: 24796965
I have a PIX at a few clients' locations. External web access does not work when using the VPN. Sorry.
 
LVL 20

Expert Comment

by:RPPreacher
ID: 24796970
Can she ping the website by name?
Can she ping the website by IP?
Is it your web site?
 
LVL 20

Expert Comment

by:RPPreacher
ID: 24796981
"external web access does not work when using the VPN. Sorry."

What???

Split tunneling.  Easy cheesy.

Buzz.  Thanks for playing.

 
LVL 30

Expert Comment

by:renazonse
ID: 24797030
Depending on how the VPN is configured, she may be able to get internet access just by checking the "allow local lan access" checkbox within the configuration of the VPN profile under the transport tab.

Otherwise, RPPreacher is correct: you'll need a split tunnel configured on the device.
 
LVL 20

Expert Comment

by:RPPreacher
ID: 24797060
The way the question is phrased ("a particular website") reads like "she can access every web site EXCEPT 1".

The first thing to determine is if this is a DNS or routing issue.

THUS

Can she ping the website by name?
Can she ping the website by IP?
Is it your web site?
 

Author Comment

by:KIP Help
ID: 24797098
@fa2lerror: She is able to access other websites on the VPN, just not this particular site.

@RPPreacher: She is unable to ping the website by name or by IP. Interestingly enough, I was just speaking with her and testing the website again. Here in the office (because we can connect), we discovered that the website redirects to a secured site. The interesting part is that she cannot connect to the secured site either; however, she can ping the secured site via name and IP.

The secured site that is redirected to has an entirely different domain name than the original site.

This is a third-party site and not our corporate website.
 
LVL 20

Expert Comment

by:RPPreacher
ID: 24797114
Do you do URL filtering on the PIX?
Have you checked her PC for viruses/malware?
 
LVL 20

Expert Comment

by:RPPreacher
ID: 24797139
Is the IP of the redirected site anything close to your VPN pool/internal IP range or any ACL on the PIX defined as "interesting traffic"?

WAIT!!!!

Does she have a pop-up blocker?  Either IE or Google toolbar or some other such nonsense?  They dislike redirects.
 
LVL 30

Expert Comment

by:renazonse
ID: 24797158
Ah...I failed to read the entire question myself.

Does the VPN subnet have access to ports other than 80 from outside the network? Sounds like the site redirects to port 443 or some other secure port that's being blocked by the device.
 

Author Comment

by:KIP Help
ID: 24797313
I'll need to pass the URL filtering question on to our network admins; I don't handle that portion. (Though if it's any help with the brainstorming, we do have Websense.)

However, her PC has not been checked for viruses, nor for pop-up blockers. I'll look into that one.
 

Expert Comment

by:fa2lerror
ID: 24798310
I am not a Cisco admin and rely on others for my programming. All other vendors do allow "split tunnelling". The few clients that run Cisco and their admins claim the firewall does not support split tunnelling, thus my answer. It could be that the versions of our PIX501 and IOS are our issues and limiting this feature set. I don't really know.
Again, in our setups, split tunnelling is not available, nor can I access remote office subnets when VPN'd into the main network.
 
LVL 20

Expert Comment

by:RPPreacher
ID: 24798317
"split tunnelling is not available"

Definitely not a limitation of the PIX nor relevant to the question though.
 
LVL 14

Expert Comment

by:Ehab Salem
ID: 24803016
Is she getting the Websense blockpage or page cannot be displayed or what?
 

Author Comment

by:KIP Help
ID: 24804055
She is not getting a blocked page, but a "page cannot be displayed" error.
 

Accepted Solution

by:
shahyan earned 250 total points
ID: 24898283
I am having the same issue with one of my remote users who is trying to access our website over the tunnel. The one similarity I see is that we do a redirect from a non-secure to a secure (https) location as well. Not sure if that is the culprit here.
 

Author Comment

by:KIP Help
ID: 24903359
We had the problem temporarily resolved: we flushed her DNS cache and she connected fine. However, the problem is recurring again. Is there any way to force the PC to continually flush the DNS cache instead of doing it manually?
 
LVL 20

Assisted Solution

by:RPPreacher
RPPreacher earned 250 total points
ID: 24903736
That's weird.  Is it resolving differently internally than externally?  This happens sometimes with internal sites.

To answer your question, you could

(1)  Create a bat file and a scheduled task
(2)  Create a bat file and a shortcut that runs on log on
(3)  Edit the hosts file to include an entry for the problem site (so it doesn't rely on DNS)
 

Author Closing Comment

by:KIP Help
ID: 31624400
The issue has been resolved; the problem appeared to have something to do with her ISP assigning the same subnet and IP addresses as our VPN does. I'm not technical enough on the networking end to explain or even understand what happened, but I'm splitting the points for the suggestions and prompts along the way.
0
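The closing comment attributes the fault to the home ISP handing out the same subnet as the VPN. A check for that condition, as an added example that is not part of the original thread: it parses `ipconfig` output and reports adapters whose subnets overlap. The sample output, adapter names and addresses are constructed, with the second adapter standing in for the VPN client's virtual adapter.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample in the Windows XP `ipconfig` layout. Adapter 2 is a
# hypothetical stand-in for the VPN client's virtual adapter.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection 2:

        IP Address. . . . . . . . . . . . : 192.168.1.57
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s+(IP(?:v4)? Address|Subnet Mask)[ .]*:\s*([\d.]+)")


def adapter_networks(ipconfig_text):
    """Return {adapter name: IPv4Network} parsed from ipconfig output."""
    nets, name, addr = {}, None, None
    for line in ipconfig_text.splitlines():
        if m := ADAPTER.match(line):
            name, addr = m.group(1), None          # new adapter section
        elif (m := FIELD.match(line)) and name:
            if m.group(1) == "Subnet Mask" and addr:
                nets[name] = ipaddress.ip_network(f"{addr}/{m.group(2)}", strict=False)
            elif m.group(1) != "Subnet Mask":
                addr = m.group(2)                  # remember IP until the mask line
    return nets


def overlapping_adapters(nets):
    """Pairs of adapters whose subnets overlap, so routes to them are ambiguous."""
    return [(a, b) for (a, na), (b, nb) in combinations(nets.items(), 2)
            if na.overlaps(nb)]


if __name__ == "__main__":
    for a, b in overlapping_adapters(adapter_networks(SAMPLE_IPCONFIG)):
        print(f"overlap: {a} <-> {b}")
```

On a live machine, feed it the text of `ipconfig` captured while the VPN is connected; any reported pair means the home LAN and the VPN address pool collide.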
