VPN


Oliver

We have a few users that connect to other companies (not controlled by us) by
establishing a VPN connection. They are required to enter a username,
password and domain (not sure what device or OS the VPN box is). They are
having the following problem.

If they connect with the 'Use default gateway on remote network' setting
checked, they don't have access to the internet while connected to the
internet. If they uncheck 'Use default gateway on remote network', they
lose access to our local network and the internet. The only solution I've
come up with is to manually modify the routing table after they connect, so
I first delete all 0.0.0.0 routes, then create a 0.0.0.0 route to our local
gateway. I've created a batch file they run after they connect, but I'm sure
there is a way to automate this. How? One more thing: the remote network
is using the same subnet as our local network.
 
The problem is the remote site using the same subnet. Modifying the routing table is the only solution I can tell. For more and other information, go to http://howtonetworking.com.

Don't send e-mail or reply to me unless you need consulting services. Posting on the MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on http://www.HowToNetworking.com
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
This posting is provided "AS IS" with no warranties.
I recommend Brinkster for web hosting!

 
You cannot use default routing to cover two different things. The default
route has to be either local or to the remote server.

What you need to decide is which gateway you want to use as the default,
then add routes for the other traffic.

If the client has "use default gateway.." box checked, the current
default route is disabled (by increasing its metric) and a new default route
set up to the remote server. In that case, you would need a static route to
the local router for subnets on your local network.

If you clear the check box, you keep your local default gateway, but you
only get a subnet route to the remote site. If you need access to machines
on a different subnet, you will need to add extra routing. Details about
this are in KB 254231.

As Bob said, if both sites are using the same IP subnet, you are in
serious trouble!
 
Bill, I don't want to use the routing for two different things. I know which
route I want to use; that's why I'm confused. I understand that if "use
default gateway" is checked I will lose my local gateway and therefore not
be able to access the internet via our local gateway. That's why I unchecked
it. This is where I hit a brick wall: while it was unchecked, I lost access
not only to the internet but also to our own network. The machine's routing
table showed our local gateway as the default and only route. My
understanding is that while it's unchecked I would still use the same default
gateway as before the connection, still have access to our local subnet,
plus have access to the subnet I connected to. So here are basically the
results...

Use Default Gateway checked:
1) Access to local network = Yes
2) Access to remote network = Yes
3) Access to the internet = No

Use Default Gateway unchecked:
1) Access to local network = No
2) Access to remote network = Yes
3) Access to the internet = No

In case manual routing is the only solution, is there a setting on the VPN
connection (XP Pro) to run a batch file upon connecting?

Thanks
 
What local IP subnet are you connecting from (e.g., 192.168.1.x)?

What local IP subnet are you dialing into (e.g., 10.10.100.x)?

I agree with Robert's guess here, and that you'll find that both the local and the remote subnet are the same.


 
If that is the case, something odd is going on. If you clear the "use
default gateway.." box, your default route should not change. The only
change should be a subnet route set up to the subnet matching the "received"
IP address of the connection. If you can't see what is happening, post the
output of a route print before and after the connection is made.

You should at least be able to contact your local LAN machines because
they use direct "on the wire" addressing, not routing. Maybe it is the name
resolution that is being fouled up.
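
The route selection described in the replies above, as a simplified model added here for illustration (not code from any poster): the "use default gateway" box checked and unchecked, plus the case where both sites use the same subnet. All addresses, metric values and helper names are constructed assumptions.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str   # next hop, or "on-link"
    iface: str     # "LAN" or "VPN"
    metric: int

def mk(dest, gateway, iface, metric):
    return Route(ipaddress.ip_network(dest), gateway, iface, metric)

def lookup(table, addr):
    """Longest matching prefix wins; equal prefixes are split by lowest metric."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in table if ip in r.dest]
    return min(hits, key=lambda r: (-r.dest.prefixlen, r.metric)) if hits else None

# Constructed addressing: office LAN 192.168.1.0/24 behind router 192.168.1.1.
LAN_TABLE = [mk("0.0.0.0/0", "192.168.1.1", "LAN", 20),
             mk("192.168.1.0/24", "on-link", "LAN", 20)]

def connect_vpn(table, remote_subnet, use_remote_gateway):
    """Table after the VPN connects (simplified; metric values are constructed)."""
    new = list(table)
    if use_remote_gateway:
        # Box checked: the old default route is demoted by raising its metric
        # and a new default route points into the tunnel.
        new = [r._replace(metric=r.metric + 1000) if r.dest.prefixlen == 0 else r
               for r in new]
        new.append(mk("0.0.0.0/0", "on-link", "VPN", 1))
    # Either way, the remote subnet is reached through the tunnel.
    new.append(mk(remote_subnet, "on-link", "VPN", 1))
    return new

def egress(table, targets):
    """Map each named target to the interface its traffic leaves on."""
    return {name: lookup(table, ip).iface for name, ip in targets.items()}

# Constructed targets: a LAN file server, a remote host, a public address.
TARGETS = {"local": "192.168.1.50", "remote": "10.10.100.5", "internet": "203.0.113.9"}

if __name__ == "__main__":
    for label, checked in [("distinct subnets, checked", True),
                           ("distinct subnets, unchecked", False)]:
        print(label, egress(connect_vpn(LAN_TABLE, "10.10.100.0/24", checked), TARGETS))
    # Same /24 on both sides: the LAN file server's traffic now enters the tunnel.
    clash = connect_vpn(LAN_TABLE, "192.168.1.0/24", False)
    print("same subnet, unchecked",
          egress(clash, {"local": "192.168.1.50", "internet": "203.0.113.9"}))
```

With identical prefixes on both interfaces, only the metric decides which side receives traffic for that subnet, so one of the two networks is always shadowed.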
 