Internet access while connected to VPN server

L

Lou

Is installing a Proxy server the Only way that a
connected VPN Client can have access to the Internet
through the corporate network?
 
D

Dusty Harper {MS}

No. A VPN client acts as a client that is directly attached to the local
network. It will utilize whatever means the local network uses to access
the Internet ( NAT, Proxy, or Direct access )
 
G

Guest

Dusty,

Thanks for the reply, The local Network uses NAT and all
the local workstations have no problem accessing the
Internet while the VPN Clients while connected Can not.
The only way that I could get Iternet access to the VPN
Clients while connected is to add a route to VPN Client
that routes some Internet traffic through their Local
Iternet gateway. This is not a very pratical solution.

It seems that there should be a way to give the VPN
Clients some limited (Just few Web sites) Iternet access
through the coporate network.

Lou
 
B

Bill Grant

By default, ALL traffic from the remote client is routed over the VPN
connection. The client's current default route is demoted and a new default
route using the VPN link is set up on connection. See KB 254231 . You
should only need to add specific routes to the client if you have disabled
this option (and in that case, the client will be acessing the Internet
directly, not through the VPN link).
 
L

Lou

Thank you Bill, What I would like to do is give internet
access to VPN CLients through the corporate network,
without adding (manually or by script) new Routes to the
VPN Client Routing Table, I like to control their
Internet access on the corporate network side, Is what
I'm asking Possible ? If yes could you point me to right
direction?

Lou
 
D

Dusty Harper {MS}

Bill was addressing the Split Tunnel Routing which is further detailed here:
http://www.microsoft.com/technet/community/columns/cableguy/cg1003.mspx

Basically this is where you tunnel into the corporate network, and have
traffic for the corporate network go across the tunnel, but traffic destined
for say the Internet use the local network.


Tunnel Corporate LAN
[ PC1]o=======o[RRAS]-------------------------------
| Corporate Traffic -->

Internet | |
Traffic V |
|

Internet

However by default as Bill states all traffic will travel across the Tunnel
and utilize the Corporate Network's Infrastructure.

You say that you are being NAT'd on the Corporate network. does the NAT
know how to get back to the VPN'd clients ( possible they are on a different
network segment. Can you describe your setup a little?
 
G

Guest

Dusty,

The router & Servers have IPs 192.168.1.X mask 255.255.0.0

All local PCs get 192.168.1.X mask 255.255.255.0

The RRAS Nic1 192.168.1.27 mask 255.255.0.0 DNS
192.168.1.Z

Nic2 207.152.X.X mask 255.255.255.0 Gateway 207.152.X.Y


VPN Clients get IPs from the static pool of 192.168.3.1
to 192.168.3.254

I have used few 192.168.3.X on a local PC and I'm able to
get internet access...

Thank you for your help
 
D

Dusty Harper {MS}

This is what I read your network to be.

207.152.X.X
192.168.1.X
[GATEWAY]--------------------------[RRAS with NAT]-------------------------
/ /
/ / 192.168.3.X
[Client]



Is this correct?
 
L

Lou

Dusty,

The NAT is at the Gateway not on the RRAS
192.168.1.x
192.168.1.X 207.152.x.z 192.168.3.X
[GATEWAY with NAT]-------[RRAS]--------------[Client]

Thank You
 
D

Dusty Harper {MS}

So does your NAT box have a route that says to reach the 192.168.3.X network
use 207.152.x.z ?
 
L

lou

Dusty,

Sorry it took a while to respond..

I did not setup the Router that does the NAT..
I'm trying to get familiar with It.
This is going to take a while, but I think you maybe
right because the RRAS did not exist before and no
changes were made to the Router when the RRAS was setup

Thank you for all your help

Lou

-----Original Message-----
So does your NAT box have a route that says to reach the 192.168.3.X network
use 207.152.x.z ?
--
--
Dusty Harper
Microsoft Corporation
--------------------------------------------------------- -------------------
This posting is provided "AS IS", with NO warranties and confers NO rights
--------------------------------------------------------- -------------------

Dusty,

The NAT is at the Gateway not on the RRAS
192.168.1.x
192.168.1.X 207.152.x.z 192.168.3.X
[GATEWAY with NAT]-------[RRAS]--------------[Client]

Thank You


.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top