Solved

VPN NetExtender

Posted on 2014-01-20
17
1,359 Views
Last Modified: 2014-01-27
connect to VPN using net-extender , after being connected to VPN i have no internet on my local system

OS is Win7Pro
0
Comment
Question by:JAtkins3
  • 9
  • 4
  • 4
17 Comments
 
LVL 92

Expert Comment

by:John Hurst
ID: 39795122
Are you using Microsoft PPTP VPN?  That is not split tunnel by design.

.... Thinkpads_User
0
 

Author Comment

by:JAtkins3
ID: 39795130
No SonicWall net extender
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 39795149
So then it is IPsec?   Split tunnel is normally default in IPsec (does not have to be).

Check the SonicWall setting for split tunnel. That is the setting/variable that allows Internet alongside a VPN tunnel.

You can check if NAT Traversal is set (thinking of the Extender) but that setting should not affect the ability to use Internet.

.... Thinkpads_User
0
 

Author Comment

by:JAtkins3
ID: 39795178
I can connect through the VPN  no problem. I can open an ip address on the remote network no peoblem, but when I open up my browser to get out to the internet it will not allow me to get anywhere

I found this information but unable to find the proper configuration
"To disable the Use Default Gateway on Remote Network setting in the VPN dial-up connection item on the client computer:
Double-click My Computer, and then click the Network and Dial-up Connections link.
Right-click the VPN connection that you want to change, and then click Properties.
Click the Networking tab, click Internet Protocol (TCP/IP) in the Components checked are used by this connection list, and then click Properties.
Click Advanced, and then click to clear the Use default gateway on remote network check box.
Click OK, click OK, and then click OK."
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 39795190
I am not sure what settings in Windows you need to apply. For hardware VPN boxes, there are no Windows settings to take into account.

To disable the Use Default Gateway on Remote Network setting in the VPN dial-up connection item on the client computer:

VPN Dial-up is PPTP, so are you really sure you are not using that?  If not, the article probably does not apply.

Do you have SonicWall VPN boxes at both end?  What is at the remote end?

.... Thinkpads_User
0
 

Author Comment

by:JAtkins3
ID: 39795197
Sonicwall box at client at my house just the the software (SonicWall) Net extender
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 39795214
If you are connecting to VPN dial up at the Server, then you are using PPTP and that is why no Internet normally.

I use a Cisco VPN box in my home office to connect to client Juniper boxes. The protocol is IPsec VPN and I have no problem getting out to Internet.

If somehow it worked without the Net Extender (not clear that it would have worked), then the Net Extender is conflicting, but I do not know how.

.... Thinkpads_User
0
 

Author Comment

by:JAtkins3
ID: 39795303
Thank you for your time
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:JAtkins3
ID: 39795309
anyone else that may have a solution to use Sonicwall net-extender and my internet at the same time?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39796268
Hi JAtkins3,

The reason you cannot connect to the Intent using the SSL-VPN is most likely due to a misconfiguration of the Tunnel All mode in the SSL-VPN server.

To allow your end users access to internet over the UTM-SSLVPN, you will need to allow “WAN RemoteAccess Networks” (a network address object whose value 0.0.0.0 acts like a default route), and the Tunnel All option must be selected on the Client Routes page.  The method below is appropriate when the administrator wants all of their NetExtender users to have their internet access provided through the SSL-VPN otherwise disable Tunnel All mode.  Be sure that you are not overwhelming the internet bandwidth at the location where the firewall is installed, as this traffic will be added to the other loads from inside the network.
Step 1: On the SonicWALL, go to SSL-VPN > Client Routes screen, enable the Tunnel All option in the drop down menu.

Step 2: On the Users > Local Groups screen, configure SSLVPN Services group and under tab “VPN Access,” add the object WAN RemoteAccess Networks.

Step 3: No custom rules are needed on the Firewall > Access Rules screen for this to work.  You can see auto-added rules in the section SSLVPN to WAN.
Let me know if you have any questions!
0
 

Author Comment

by:JAtkins3
ID: 39797432
I don't have the access to the sonicwall I am only using the client I. My home PC. I administrate a PBX and after I VPN in I go directly to a specific IP address.  

If I am logged into this VPN and I want to check my email or update a ticket as I go. I can't. It will not allow me to connect to my Own internet.  Which is FiOS.

I have to log off update notes log back into the VPN.  Work.  Log off update notes ect...
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39797684
Unfortunately, you'd need to have admin rights to the SonicWALL to change this. It has not been setup properly. You can forward my post (http:#a39796268) to your network admin and have him change it. If you do what I said in my post it will resolve your issue...it is a common misconfiguration with SSL-VPN Servers.
0
 

Author Comment

by:JAtkins3
ID: 39798336
I don't understand why would this block the use of my own internet, I can not find any means to split my connection.
0
 

Author Comment

by:JAtkins3
ID: 39798656
Maybe I need to be a little more clear
   I do not want to use the internet over the VNP , I want to use my own internet on my local PC/system
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39811171
I don't understand why would this block the use of my own internet, I can not find any means to split my connection.
This is because the admin has most likely configured the SSL-VPN for Tunnel All mode. As I explained in my previous comment (http:#a39796268), Tunnel All mode routes everything through the VPN (your internet traffic too).

I do not want to use the internet over the VNP , I want to use my own internet on my local PC/system
The only way to achieve what you are wanting to do is as I have described in comment http:#a39796268 or have the admin switch it to split mode. Though, I doubt they will grant your request to change it from Tunnel all to split mode as this is most likely selected for security or other explicit reasons.

Make sense?
0
 

Author Comment

by:JAtkins3
ID: 39812162
yes it makes sense ty
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39812877
You're welcome. I'm glad I could help and thanks for the points!
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now