Solved

VPN NetExtender

Posted on 2014-01-20
Last Modified: 2014-01-27
Connect to VPN using net-extender; after being connected to VPN I have no internet on my local system.

OS is Win7Pro
0
Question by:JAtkins3
17 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 39795122
Are you using Microsoft PPTP VPN?  That is not split tunnel by design.

.... Thinkpads_User
0
 

Author Comment

by:JAtkins3
ID: 39795130
No, SonicWall net extender
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 39795149
So then it is IPsec?   Split tunnel is normally default in IPsec (does not have to be).

Check the SonicWall setting for split tunnel. That is the setting/variable that allows Internet alongside a VPN tunnel.

You can check if NAT Traversal is set (thinking of the Extender) but that setting should not affect the ability to use Internet.

.... Thinkpads_User
0
 

Author Comment

by:JAtkins3
ID: 39795178
I can connect through the VPN no problem. I can open an IP address on the remote network no problem, but when I open up my browser to get out to the internet it will not allow me to get anywhere.

I found this information but unable to find the proper configuration
"To disable the Use Default Gateway on Remote Network setting in the VPN dial-up connection item on the client computer:
Double-click My Computer, and then click the Network and Dial-up Connections link.
Right-click the VPN connection that you want to change, and then click Properties.
Click the Networking tab, click Internet Protocol (TCP/IP) in the Components checked are used by this connection list, and then click Properties.
Click Advanced, and then click to clear the Use default gateway on remote network check box.
Click OK, click OK, and then click OK."
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 39795190
I am not sure what settings in Windows you need to apply. For hardware VPN boxes, there are no Windows settings to take into account.

"To disable the Use Default Gateway on Remote Network setting in the VPN dial-up connection item on the client computer:"

VPN Dial-up is PPTP, so are you really sure you are not using that?  If not, the article probably does not apply.

Do you have SonicWall VPN boxes at both ends?  What is at the remote end?

.... Thinkpads_User
0
 

Author Comment

by:JAtkins3
ID: 39795197
SonicWall box at client, at my house just the software (SonicWall) Net extender
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 39795214
If you are connecting to VPN dial up at the Server, then you are using PPTP and that is why no Internet normally.

I use a Cisco VPN box in my home office to connect to client Juniper boxes. The protocol is IPsec VPN and I have no problem getting out to Internet.

If somehow it worked without the Net Extender (not clear that it would have worked), then the Net Extender is conflicting, but I do not know how.

.... Thinkpads_User
0
 

Author Comment

by:JAtkins3
ID: 39795303
Thank you for your time
0

 

Author Comment

by:JAtkins3
ID: 39795309
anyone else that may have a solution to use Sonicwall net-extender and my internet at the same time?
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39796268
Hi JAtkins3,

The reason you cannot connect to the Internet using the SSL-VPN is most likely due to a misconfiguration of the Tunnel All mode in the SSL-VPN server.

To allow your end users access to internet over the UTM-SSLVPN, you will need to allow “WAN RemoteAccess Networks” (a network address object whose value 0.0.0.0 acts like a default route), and the Tunnel All option must be selected on the Client Routes page.  The method below is appropriate when the administrator wants all of their NetExtender users to have their internet access provided through the SSL-VPN; otherwise, disable Tunnel All mode.  Be sure that you are not overwhelming the internet bandwidth at the location where the firewall is installed, as this traffic will be added to the other loads from inside the network.

Step 1: On the SonicWALL, go to SSL-VPN > Client Routes screen, enable the Tunnel All option in the drop down menu.

Step 2: On the Users > Local Groups screen, configure SSLVPN Services group and under tab “VPN Access,” add the object WAN RemoteAccess Networks.

Step 3: No custom rules are needed on the Firewall > Access Rules screen for this to work.  You can see auto-added rules in the section SSLVPN to WAN.

Let me know if you have any questions!
0
 

Author Comment

by:JAtkins3
ID: 39797432
I don't have access to the SonicWall. I am only using the client in my home PC. I administrate a PBX and after I VPN in I go directly to a specific IP address.

If I am logged into this VPN and I want to check my email or update a ticket as I go, I can't. It will not allow me to connect to my own internet, which is FiOS.

I have to log off, update notes, log back into the VPN. Work. Log off, update notes, etc...
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39797684
Unfortunately, you'd need to have admin rights to the SonicWALL to change this. It has not been set up properly. You can forward my post (http:#a39796268) to your network admin and have him change it. If you do what I said in my post it will resolve your issue...it is a common misconfiguration with SSL-VPN Servers.
0
 

Author Comment

by:JAtkins3
ID: 39798336
I don't understand why would this block the use of my own internet, I can not find any means to split my connection.
0
 

Author Comment

by:JAtkins3
ID: 39798656
Maybe I need to be a little more clear
I do not want to use the internet over the VPN, I want to use my own internet on my local PC/system
0
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
ID: 39811171
"I don't understand why would this block the use of my own internet, I can not find any means to split my connection."
This is because the admin has most likely configured the SSL-VPN for Tunnel All mode. As I explained in my previous comment (http:#a39796268), Tunnel All mode routes everything through the VPN (your internet traffic too).

"I do not want to use the internet over the VPN, I want to use my own internet on my local PC/system"
The only way to achieve what you are wanting to do is as I have described in comment http:#a39796268 or have the admin switch it to split mode. Though, I doubt they will grant your request to change it from Tunnel All to split mode as this is most likely selected for security or other explicit reasons.

Make sense?
0
 

Author Comment

by:JAtkins3
ID: 39812162
yes it makes sense ty
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39812877
You're welcome. I'm glad I could help and thanks for the points!
0
