[vpn-help] VPN connects but local internet pc gets cut off
Matthew Grooms
mgrooms at shrew.net
Mon Aug 23 23:51:28 CDT 2010
On 8/21/2010 1:49 PM, Em Cielo wrote:
> Good day.
>
Hi Em,
> I would like to know if anybody could be able to help me with my issue.
> I downloaded the latest client and installed it. I had several issues
> with the drivers not being signed but I was able to work around that.
Are you using 2.1.6? It was released a few days ago and has signed
drivers for all supported Windows platforms.
> System specs, Windows 7 Ultimate 64bit, 3gb ram, 1.5mbps adsl line,
> router configured for IPSec passthrough. I am accessing vpn gateway so I
> could connect to our citrix servers. Now after importing the vpn
> settings to the access manager, first attempt to connect to the vpn was
> a no brainer. I was able to connect, was able to access the citrix
> servers and was able to load citrix desktop. When I tried to use the
> local internet I can't load any pages. I could ping my router, I could
> ping and access other local computers but my internet access is broken. I
> know my data is being tunneled through the vpn but is there a way to
> prevent this from happening so I could still access the internet on my
> local computer? I looked at the last portion of the configuration and
> there was a setting there for automatically detect network topology or
> tunnel all was checked. I thought this might be the solution. So I
> unchecked that one and created settings that would include the vpn
> subnet but exclude the local subnet. Tried several other configurations
> but I can't just seem to connect to the internet locally. I tried to use
> my corporate proxy and it works but it is too restricted. I realized
> that if I put my corporate proxy I can access the internet it means that
> any data that goes out to the internet passes through the tunnel. Is
> there a work around for this so that I could still use my local internet
> access? All the help would be appreciated! Thanks!
>
What you are describing is called a split tunnel. For this to work
correctly, the client must know the topology of the network on the far
side of the VPN tunnel. Otherwise, it doesn't know which traffic to send
via the tunnel and which traffic to send to the local default gateway.
If your gateway doesn't provide the information automatically, your only
option is to uncheck 'Obtain Topology Automatically' and then add all
the networks manually using 'include'. This tells the client to only
send traffic across the tunnel when the destination matches an 'include'
network definition. However, it also means the client will negotiate
separate SAs for each policy by default (unless this is a Cisco
gateway). One way to work around this is to set the Policy generation
level to 'shared' which will negotiate SAs as if it were sending all
traffic via the tunnel. For more information, please read this page of
the client documentation ...
http://www.shrew.net/static/help-2.1.x/files/PolicySettings.html0
-Matthew
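
Added example, not part of the original message and not Shrew Soft code: a small Python model of the behaviour described in the reply, showing which destinations follow the tunnel under "tunnel all" versus manual 'include' networks, and how many SA selectors each policy level implies. All addresses are constructed, the level name "per-policy" is this example's own label for the default behaviour, and keeping on-link destinations local is an assumption taken from the poster's observation that the LAN stayed reachable.

```python
import ipaddress

def parse_networks(entries):
    """Parse 'address/netmask' or CIDR strings; strict mode rejects
    entries with host bits set, which catches mistyped include networks."""
    return [ipaddress.ip_network(e, strict=True) for e in entries]

def path_for(destination, includes, connected):
    """Return 'tunnel' or 'local' for one destination address.
    Assumption: directly connected (on-link) destinations stay local."""
    addr = ipaddress.ip_address(destination)
    if addr in connected:
        return "local"
    return "tunnel" if any(addr in net for net in includes) else "local"

def negotiated_selectors(includes, level):
    """Remote selectors the client would negotiate SAs for (simplified).
    'per-policy': one SA pair per include network (the default described).
    'shared':     one SA pair, as if all traffic were sent via the tunnel."""
    if level == "per-policy":
        return [str(net) for net in includes]
    if level == "shared":
        return ["0.0.0.0/0"]
    raise ValueError("unknown policy level: " + level)

# Constructed sample topology (not from the original thread).
LAN = ipaddress.ip_network("192.168.1.0/24")        # poster's home subnet
TUNNEL_ALL = parse_networks(["0.0.0.0/0"])          # no topology known
SPLIT = parse_networks(["10.20.0.0/255.255.0.0",    # manual 'include' list
                        "172.16.5.0/24"])
DESTINATIONS = {
    "citrix server": "10.20.1.15",
    "home router": "192.168.1.1",
    "internet host": "203.0.113.10",
}

def report(includes):
    """Map each sample destination name to the path it would take."""
    return {name: path_for(ip, includes, LAN)
            for name, ip in DESTINATIONS.items()}

if __name__ == "__main__":
    print("tunnel all :", report(TUNNEL_ALL))
    print("split      :", report(SPLIT))
    print("per-policy :", negotiated_selectors(SPLIT, "per-policy"))
    print("shared     :", negotiated_selectors(SPLIT, "shared"))
```

With the split list, internet traffic leaves through the local gateway and no longer passes the corporate proxy, so the include list should cover every remote network that is meant to stay inside the tunnel.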