VPN Client and Internet Access

K

Kyle

Hi,

I just setup a Win2000 RRAS and ISA, user was able to VPN into our LAN and
access resource. The user can not access the Internet while VPN into our
LAN. But as soon as he disconnected the VPN connection, he was able access
the Internet. Do you know if this is a design by Microsoft? or Do I missed
any important steps?

Thanks,
Kyle
 
P

Phillip Windell

It is by design. It is an "industry-wide" standard, not just Microsoft.

It protects the network you are "VPNing" into from the Internet. Otherwise
something could come from the internet to your machine and then into the
network you connected to. So it limits you to connecting to the Internet
only by going through the LAN you connected to, which usually doesn't work
unless it is rigged up to do so.

The opposite of this is called "Split-Tunneling" with VPN, so the standard
is that Split-Tunneling is disabled or not allowed.
 
S

Scott Harding

Have them put in the proxy settings of IE while they are on the VPN. Point
them to the ISA server with the correct port. this can be set just for the
VPN and then tey will able to get to the Internet while connected to the
VPN.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
Phillip Windell said:
It is by design. It is an "industry-wide" standard, not just Microsoft.

It protects the network you are "VPNing" into from the Internet.
Otherwise
something could come from the internet to your machine and then into the
network you connected to. So it limits you to connecting to the Internet
only by going through the LAN you connected to, which usually doesn't work
unless it is rigged up to do so.

The opposite of this is called "Split-Tunneling" with VPN, so the standard
is that Split-Tunneling is disabled or not allowed.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Kyle said:
Hi,

I just setup a Win2000 RRAS and ISA, user was able to VPN into our LAN
and
access resource. The user can not access the Internet while VPN into our
LAN. But as soon as he disconnected the VPN connection, he was able access
the Internet. Do you know if this is a design by Microsoft? or Do I missed
any important steps?

Thanks,
Kyle
Click to expand...
Click to expand...
 
P

Phillip Windell

Yes, but it needs to go in the Protperties of the Connection in the IE
Connections and not in the proxy settings found in the "LAN Settings".

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Scott Harding said:
Have them put in the proxy settings of IE while they are on the VPN. Point
them to the ISA server with the correct port. this can be set just for the
VPN and then tey will able to get to the Internet while connected to the
VPN.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
Phillip Windell said:
It is by design. It is an "industry-wide" standard, not just Microsoft.

It protects the network you are "VPNing" into from the Internet.
Otherwise
something could come from the internet to your machine and then into the
network you connected to. So it limits you to connecting to the Internet
only by going through the LAN you connected to, which usually doesn't work
unless it is rigged up to do so.

The opposite of this is called "Split-Tunneling" with VPN, so the standard
is that Split-Tunneling is disabled or not allowed.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Kyle said:
Hi,

I just setup a Win2000 RRAS and ISA, user was able to VPN into our LAN
and
access resource. The user can not access the Internet while VPN into our
LAN. But as soon as he disconnected the VPN connection, he was able access
the Internet. Do you know if this is a design by Microsoft? or Do I missed
any important steps?

Thanks,
Kyle
Click to expand...
Click to expand...
Click to expand...
 
S

Scott Harding

yes, that is what I was referring to. Thanks for clarifying, otherwise the
Prox settings would apply to the local LAN and that is not what you want.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
Phillip Windell said:
Yes, but it needs to go in the Protperties of the Connection in the IE
Connections and not in the proxy settings found in the "LAN Settings".

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Scott Harding said:
Have them put in the proxy settings of IE while they are on the VPN.
Point
them to the ISA server with the correct port. this can be set just for
the
VPN and then tey will able to get to the Internet while connected to the
VPN.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
Phillip Windell said:
It is by design. It is an "industry-wide" standard, not just
Microsoft.

It protects the network you are "VPNing" into from the Internet.
Otherwise
something could come from the internet to your machine and then into
the
network you connected to. So it limits you to connecting to the Internet
only by going through the LAN you connected to, which usually doesn't work
unless it is rigged up to do so.

The opposite of this is called "Split-Tunneling" with VPN, so the standard
is that Split-Tunneling is disabled or not allowed.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Hi,

I just setup a Win2000 RRAS and ISA, user was able to VPN into our LAN
and
access resource. The user can not access the Internet while VPN into our
LAN. But as soon as he disconnected the VPN connection, he was able
access
the Internet. Do you know if this is a design by Microsoft? or Do I
missed
any important steps?

Thanks,
Kyle
Click to expand...
Click to expand...
Click to expand...
 
K

Kyle

Thank you very much for all the responses! I will test it out.

Regards,
Kyle


Scott Harding said:
yes, that is what I was referring to. Thanks for clarifying, otherwise the
Prox settings would apply to the local LAN and that is not what you want.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
Phillip Windell said:
Yes, but it needs to go in the Protperties of the Connection in the IE
Connections and not in the proxy settings found in the "LAN Settings".

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Scott Harding said:
Have them put in the proxy settings of IE while they are on the VPN.
Point
them to the ISA server with the correct port. this can be set just for
the
VPN and then tey will able to get to the Internet while connected to the
VPN.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server
It is by design. It is an "industry-wide" standard, not just
Microsoft.

It protects the network you are "VPNing" into from the Internet.
Otherwise
something could come from the internet to your machine and then into
the
network you connected to. So it limits you to connecting to the Internet
only by going through the LAN you connected to, which usually doesn't work
unless it is rigged up to do so.

The opposite of this is called "Split-Tunneling" with VPN, so the standard
is that Split-Tunneling is disabled or not allowed.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


Hi,

I just setup a Win2000 RRAS and ISA, user was able to VPN into our LAN
and
access resource. The user can not access the Internet while VPN
Click to expand...
into
our
LAN. But as soon as he disconnected the VPN connection, he was able
access
the Internet. Do you know if this is a design by Microsoft? or Do I
missed
any important steps?

Thanks,
Kyle
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

VPN vs. VLAN 5
Site-to-Site VPN via Win2K Server 1
accessing work's vpn and browse internet at same time, how ? 3
Can't connect to Internet without VPN active 4
Microsoft VPN Client Issue 1
Prevent non-VPN connected Internet access for external users? 7
Internet & VPN access 2
User profile and logon script doesn't work over VPN 1

Top