Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1455
  • Last Modified:

VPN NetExtender

connect to VPN using net-extender , after being connected to VPN i have no internet on my local system

OS is Win7Pro
0
JAtkins3
Asked:
JAtkins3
  • 9
  • 4
  • 4
1 Solution
 
John HurstBusiness Consultant (Owner)Commented:
Are you using Microsoft PPTP VPN?  That is not split tunnel by design.

.... Thinkpads_User
0
 
JAtkins3Author Commented:
No SonicWall net extender
0
 
John HurstBusiness Consultant (Owner)Commented:
So then it is IPsec?   Split tunnel is normally default in IPsec (does not have to be).

Check the SonicWall setting for split tunnel. That is the setting/variable that allows Internet alongside a VPN tunnel.

You can check if NAT Traversal is set (thinking of the Extender) but that setting should not affect the ability to use Internet.

.... Thinkpads_User
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 
JAtkins3Author Commented:
I can connect through the VPN  no problem. I can open an ip address on the remote network no peoblem, but when I open up my browser to get out to the internet it will not allow me to get anywhere

I found this information but unable to find the proper configuration
"To disable the Use Default Gateway on Remote Network setting in the VPN dial-up connection item on the client computer:
Double-click My Computer, and then click the Network and Dial-up Connections link.
Right-click the VPN connection that you want to change, and then click Properties.
Click the Networking tab, click Internet Protocol (TCP/IP) in the Components checked are used by this connection list, and then click Properties.
Click Advanced, and then click to clear the Use default gateway on remote network check box.
Click OK, click OK, and then click OK."
0
 
John HurstBusiness Consultant (Owner)Commented:
I am not sure what settings in Windows you need to apply. For hardware VPN boxes, there are no Windows settings to take into account.

To disable the Use Default Gateway on Remote Network setting in the VPN dial-up connection item on the client computer:

VPN Dial-up is PPTP, so are you really sure you are not using that?  If not, the article probably does not apply.

Do you have SonicWall VPN boxes at both end?  What is at the remote end?

.... Thinkpads_User
0
 
JAtkins3Author Commented:
Sonicwall box at client at my house just the the software (SonicWall) Net extender
0
 
John HurstBusiness Consultant (Owner)Commented:
If you are connecting to VPN dial up at the Server, then you are using PPTP and that is why no Internet normally.

I use a Cisco VPN box in my home office to connect to client Juniper boxes. The protocol is IPsec VPN and I have no problem getting out to Internet.

If somehow it worked without the Net Extender (not clear that it would have worked), then the Net Extender is conflicting, but I do not know how.

.... Thinkpads_User
0
 
JAtkins3Author Commented:
Thank you for your time
0
 
JAtkins3Author Commented:
anyone else that may have a solution to use Sonicwall net-extender and my internet at the same time?
0
 
Blue Street TechLast KnightsCommented:
Hi JAtkins3,

The reason you cannot connect to the Intent using the SSL-VPN is most likely due to a misconfiguration of the Tunnel All mode in the SSL-VPN server.

To allow your end users access to internet over the UTM-SSLVPN, you will need to allow “WAN RemoteAccess Networks” (a network address object whose value 0.0.0.0 acts like a default route), and the Tunnel All option must be selected on the Client Routes page.  The method below is appropriate when the administrator wants all of their NetExtender users to have their internet access provided through the SSL-VPN otherwise disable Tunnel All mode.  Be sure that you are not overwhelming the internet bandwidth at the location where the firewall is installed, as this traffic will be added to the other loads from inside the network.
Step 1: On the SonicWALL, go to SSL-VPN > Client Routes screen, enable the Tunnel All option in the drop down menu.

Step 2: On the Users > Local Groups screen, configure SSLVPN Services group and under tab “VPN Access,” add the object WAN RemoteAccess Networks.

Step 3: No custom rules are needed on the Firewall > Access Rules screen for this to work.  You can see auto-added rules in the section SSLVPN to WAN.
Let me know if you have any questions!
0
 
JAtkins3Author Commented:
I don't have the access to the sonicwall I am only using the client I. My home PC. I administrate a PBX and after I VPN in I go directly to a specific IP address.  

If I am logged into this VPN and I want to check my email or update a ticket as I go. I can't. It will not allow me to connect to my Own internet.  Which is FiOS.

I have to log off update notes log back into the VPN.  Work.  Log off update notes ect...
0
 
Blue Street TechLast KnightsCommented:
Unfortunately, you'd need to have admin rights to the SonicWALL to change this. It has not been setup properly. You can forward my post (http:#a39796268) to your network admin and have him change it. If you do what I said in my post it will resolve your issue...it is a common misconfiguration with SSL-VPN Servers.
0
 
JAtkins3Author Commented:
I don't understand why would this block the use of my own internet, I can not find any means to split my connection.
0
 
JAtkins3Author Commented:
Maybe I need to be a little more clear
   I do not want to use the internet over the VNP , I want to use my own internet on my local PC/system
0
 
Blue Street TechLast KnightsCommented:
I don't understand why would this block the use of my own internet, I can not find any means to split my connection.
This is because the admin has most likely configured the SSL-VPN for Tunnel All mode. As I explained in my previous comment (http:#a39796268), Tunnel All mode routes everything through the VPN (your internet traffic too).

I do not want to use the internet over the VNP , I want to use my own internet on my local PC/system
The only way to achieve what you are wanting to do is as I have described in comment http:#a39796268 or have the admin switch it to split mode. Though, I doubt they will grant your request to change it from Tunnel all to split mode as this is most likely selected for security or other explicit reasons.

Make sense?
0
 
JAtkins3Author Commented:
yes it makes sense ty
0
 
Blue Street TechLast KnightsCommented:
You're welcome. I'm glad I could help and thanks for the points!
0

Featured Post

WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

  • 9
  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now