VPN steals internet connection


Post by Adam » Thu, 07 Mar 2002 06:33:58



I've finally set up a VPN connection, but the remote computer loses all of
its ability to browse the internet as soon as it connects to our network.
The computer is still connected to its ISP, it just can't go online.  Is
the VPN stealing some of its resources?

The server it is connecting to has ISA as a firewall, is ISA causing any
problems?

thanks,
Adam

 
 
 


Post by Keith W. McCammo » Thu, 07 Mar 2002 06:46:24



Quote:> I've finally set up a VPN connection, but the remote computer loses all of
> its ability to browse the internet as soon as it connects to our network.
> The computer is still connected to its ISP, it just can't go online.  Is
> the VPN stealing some of its resources?

> The server it is connecting to has ISA as a firewall, is ISA causing any
> problems?

This is what VPN clients do, in most cases.  Once you connect to a tunnel,
all of your traffic will travel through that tunnel.  There are two ways
around this, and these don't always work depending on client and server
configurations.  You can 1) remove the "use default gateway on remote
network" attribute from the dial-up connection, or 2) you can find a client
that performs split tunneling, which essentially allows you to use some type
of config file to specify which traffic get tunneled, and which does not.

 
 
 



Post by sutek » Thu, 07 Mar 2002 17:06:49


The issue here is typically one of routing. A computer can only have a
single default gateway for traffic that doesn't already have a pre-defined
network path from your computer. When you VPN, you typically take the VPN
server as your default gateway, and when you disconnect, your gateway is set
back to the ISP settings.

So how to fix the fact that you'd still want to surf the web while connected
through your VPN? There are a number of methods. The most popular for
corporations is the idea of a proxy server, where users can forward their
Internet bound traffic to this internal network server, which will then
forward it on. IE has a simple UI for setting the client to use such a
server in a win2k environment, I think IE has a way to autodetect the
settings if you set up your DC to handle this. Proxy servers also allow
corporations to monitor and filter traffic to better secure the network.

Another more complicated option is to have users create VPN connections
which specifically do not change the default gateway. This needs to be
backed up with a method of teaching the client computers how to find network
resources since they won't be able to blindly send the traffic as before.
The plus side of this is to save the network from useless Internet traffic,
but there are also some security issues involved in this method. VPN
connections are highly encrypted, while your Internet connections aren't,
and there is some fear that Internet attacks could be forwarded on through
the VPN connection into the corporation.

David Beder
Microsoft Windows Networking
(This posting is provided "AS IS" with no warranties, and confers no
rights.)



 
 
 


Post by Al Smit » Thu, 07 Mar 2002 22:41:46


The default for VPN is to use the default gateway (LAN). You can change this
easily by going into the properties of the VPN connection, Advanced, and
unchecking "use default gateway".


 
 
 


Post by Adam » Fri, 08 Mar 2002 03:43:41


I unchecked default gateway, and that fixed the problem with the internet.
Now I can't ping anything on the internal network.  What settings do I need
to allow a user to use their own gateway for internet access, yet allow them
to see the internal network? The server IP is 192.168.16.2 and the DHCP is
assigning 10.2.10.xx.



 
 
 


Post by Keith W. McCammo » Fri, 08 Mar 2002 03:49:50



Quote:> I unchecked default gateway, and that fixed the problem with the internet.
> Now I can't ping anything on the internal network.  What settings do I need
> to allow a user to use their own gateway for internet access, yet allow them
> to see the internal network? The server IP is 192.168.16.2 and the DHCP is
> assigning 10.2.10.xx.

If you are being assigned an IP address on a different network than the
resources that you need to access, you may need the remote gateway to
properly connect to those resources.  If you see my original reply, I noted
that this does not always work.  By "work," I was referring to providing the
"split tunneling" effect that you desire.  Many networks are configured in
such a manner that split tunneling is not an option, mainly to protect the
corporate network.  Thus, they require that you use their gateway to be
routed properly on the internal network(s).
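
Added example, not part of any post in this thread: a longest-prefix-match model of the client's route table in the three states discussed above (default gateway on the remote network, box unchecked, box unchecked plus a static route). The metrics, the /24 mask around 192.168.16.2, the classful 10.0.0.0/8 route for the assigned 10.2.10.x address, and the peer and Internet addresses are assumptions constructed for illustration.

```python
import ipaddress

def pick_interface(table, dest):
    """Return the interface an IP stack would use: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), ifc, m) for p, ifc, m in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None  # no route to host
    _, ifc, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return ifc

# Route tables as (prefix, interface, metric). Metrics are constructed values.
FULL_TUNNEL = [
    ("0.0.0.0/0", "isp", 30),   # ISP default route, demoted while connected
    ("0.0.0.0/0", "vpn", 1),    # "use default gateway on remote network" checked
    ("10.0.0.0/8", "vpn", 1),
]
SPLIT_NO_ROUTE = [
    ("0.0.0.0/0", "isp", 20),   # box unchecked: ISP keeps the default route
    ("10.0.0.0/8", "vpn", 1),   # assumed classful route for the 10.2.10.x address
]
SPLIT_WITH_ROUTE = SPLIT_NO_ROUTE + [
    ("192.168.16.0/24", "vpn", 1),  # assumed /24 around the server 192.168.16.2
]

DESTS = {
    "server": "192.168.16.2",     # server address given in the thread
    "vpn_peer": "10.2.10.20",     # constructed address in the DHCP range
    "internet": "198.51.100.7",   # constructed (documentation range)
}

def egress(table):
    """Map each sample destination to the interface its traffic leaves by."""
    return {name: pick_interface(table, ip) for name, ip in DESTS.items()}

if __name__ == "__main__":
    for label, table in [("full tunnel", FULL_TUNNEL),
                         ("split, no route", SPLIT_NO_ROUTE),
                         ("split + static route", SPLIT_WITH_ROUTE)]:
        print(f"{label:22} {egress(table)}")
```

In the second table the ping to 192.168.16.2 leaves by the ISP interface, where a private address is not routable. The third table also shows the trade-off the replies raise: Internet traffic no longer passes the corporate gateway.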
 
 
 

1. Name Resolution via VPN and Internet Connection via VPN

This is funky...

I have a complete Win2000 network with the main server acting as the NAT,
DNS, and main DC.

The other server is running the RRAS server to host the 4 modems and VPN
connection, which is also a DC of the same AD domain.

Now, all clients (also all Win2000) inside the network can do everything
perfectly.  When these same clients VPN into the network, I can't resolve a
name for over 90 seconds, and when it does, it resolves DNS Names only.

So, to test a few different scenarios, I set up a WINS server...same results.

LMHOSTS and HOSTS file....same results.

What the heck?

Also - I used to be able to route my VPN clients to the internet back on my
old NT4.0 network by using Proxy Server 2.0 - having my VPN clients refresh
the proxy server worked like a dream.

So, me and my silly self thought that "hey, 2000's NAT and VPN allows this!"
Nope...BUT...if you invoke the usual 0.0.0.0/0.0.0.0 static route on the
RRAS server, you can ping and connect to the VPN server, and if you delete
that route on the RRAS server AFTER you've connected, you CAN HIT THE
INTERNET!...but of course, deleting that route nullifies any other client
connecting because you've lost the ability to ping to the RRAS server now.

What a problem...

-Andy
