Solved

VPN NetExtender

Posted on 2014-01-20
17
1,426 Views
Last Modified: 2014-01-27
connect to VPN using net-extender , after being connected to VPN i have no internet on my local system

OS is Win7Pro
0
Comment
Question by:JAtkins3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
  • 4
17 Comments
 
LVL 96

Expert Comment

by:Experienced Member
ID: 39795122
Are you using Microsoft PPTP VPN?  That is not split tunnel by design.

.... Thinkpads_User
0
 

Author Comment

by:JAtkins3
ID: 39795130
No SonicWall net extender
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 39795149
So then it is IPsec?   Split tunnel is normally default in IPsec (does not have to be).

Check the SonicWall setting for split tunnel. That is the setting/variable that allows Internet alongside a VPN tunnel.

You can check if NAT Traversal is set (thinking of the Extender) but that setting should not affect the ability to use Internet.

.... Thinkpads_User
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 

Author Comment

by:JAtkins3
ID: 39795178
I can connect through the VPN  no problem. I can open an ip address on the remote network no peoblem, but when I open up my browser to get out to the internet it will not allow me to get anywhere

I found this information but unable to find the proper configuration
"To disable the Use Default Gateway on Remote Network setting in the VPN dial-up connection item on the client computer:
Double-click My Computer, and then click the Network and Dial-up Connections link.
Right-click the VPN connection that you want to change, and then click Properties.
Click the Networking tab, click Internet Protocol (TCP/IP) in the Components checked are used by this connection list, and then click Properties.
Click Advanced, and then click to clear the Use default gateway on remote network check box.
Click OK, click OK, and then click OK."
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 39795190
I am not sure what settings in Windows you need to apply. For hardware VPN boxes, there are no Windows settings to take into account.

To disable the Use Default Gateway on Remote Network setting in the VPN dial-up connection item on the client computer:

VPN Dial-up is PPTP, so are you really sure you are not using that?  If not, the article probably does not apply.

Do you have SonicWall VPN boxes at both end?  What is at the remote end?

.... Thinkpads_User
0
 

Author Comment

by:JAtkins3
ID: 39795197
Sonicwall box at client at my house just the the software (SonicWall) Net extender
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 39795214
If you are connecting to VPN dial up at the Server, then you are using PPTP and that is why no Internet normally.

I use a Cisco VPN box in my home office to connect to client Juniper boxes. The protocol is IPsec VPN and I have no problem getting out to Internet.

If somehow it worked without the Net Extender (not clear that it would have worked), then the Net Extender is conflicting, but I do not know how.

.... Thinkpads_User
0
 

Author Comment

by:JAtkins3
ID: 39795303
Thank you for your time
0
 

Author Comment

by:JAtkins3
ID: 39795309
anyone else that may have a solution to use Sonicwall net-extender and my internet at the same time?
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39796268
Hi JAtkins3,

The reason you cannot connect to the Intent using the SSL-VPN is most likely due to a misconfiguration of the Tunnel All mode in the SSL-VPN server.

To allow your end users access to internet over the UTM-SSLVPN, you will need to allow “WAN RemoteAccess Networks” (a network address object whose value 0.0.0.0 acts like a default route), and the Tunnel All option must be selected on the Client Routes page.  The method below is appropriate when the administrator wants all of their NetExtender users to have their internet access provided through the SSL-VPN otherwise disable Tunnel All mode.  Be sure that you are not overwhelming the internet bandwidth at the location where the firewall is installed, as this traffic will be added to the other loads from inside the network.
Step 1: On the SonicWALL, go to SSL-VPN > Client Routes screen, enable the Tunnel All option in the drop down menu.

Step 2: On the Users > Local Groups screen, configure SSLVPN Services group and under tab “VPN Access,” add the object WAN RemoteAccess Networks.

Step 3: No custom rules are needed on the Firewall > Access Rules screen for this to work.  You can see auto-added rules in the section SSLVPN to WAN.
Let me know if you have any questions!
0
 

Author Comment

by:JAtkins3
ID: 39797432
I don't have the access to the sonicwall I am only using the client I. My home PC. I administrate a PBX and after I VPN in I go directly to a specific IP address.  

If I am logged into this VPN and I want to check my email or update a ticket as I go. I can't. It will not allow me to connect to my Own internet.  Which is FiOS.

I have to log off update notes log back into the VPN.  Work.  Log off update notes ect...
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39797684
Unfortunately, you'd need to have admin rights to the SonicWALL to change this. It has not been setup properly. You can forward my post (http:#a39796268) to your network admin and have him change it. If you do what I said in my post it will resolve your issue...it is a common misconfiguration with SSL-VPN Servers.
0
 

Author Comment

by:JAtkins3
ID: 39798336
I don't understand why would this block the use of my own internet, I can not find any means to split my connection.
0
 

Author Comment

by:JAtkins3
ID: 39798656
Maybe I need to be a little more clear
   I do not want to use the internet over the VNP , I want to use my own internet on my local PC/system
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39811171
I don't understand why would this block the use of my own internet, I can not find any means to split my connection.
This is because the admin has most likely configured the SSL-VPN for Tunnel All mode. As I explained in my previous comment (http:#a39796268), Tunnel All mode routes everything through the VPN (your internet traffic too).

I do not want to use the internet over the VNP , I want to use my own internet on my local PC/system
The only way to achieve what you are wanting to do is as I have described in comment http:#a39796268 or have the admin switch it to split mode. Though, I doubt they will grant your request to change it from Tunnel all to split mode as this is most likely selected for security or other explicit reasons.

Make sense?
0
 

Author Comment

by:JAtkins3
ID: 39812162
yes it makes sense ty
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39812877
You're welcome. I'm glad I could help and thanks for the points!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question