Date:      Tue, 17 Aug 2004 21:34:51 -0500
From:      "Micheal Patterson" <micheal@tsgincorporated.com>
To:        "Eric Crist" <ecrist@secure-computing.net>, "'Jonathan T. Sage'" <sagejona@theatre.msu.edu>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: [OT] VPN issues with some windows users...
Message-ID:  <c22b01c484cc$433db990$0201a8c0@dredster>
References:  <005901c484c5$78b443c0$6501a8c0@Nomad>




----- Original Message ----- 
From: "Eric Crist" <ecrist@secure-computing.net>
To: "'Jonathan T. Sage'" <sagejona@theatre.msu.edu>
Cc: <freebsd-questions@freebsd.org>
Sent: Tuesday, August 17, 2004 8:48 PM
Subject: RE: [OT] VPN issues with some windows users...


>> -----Original Message-----
>> From: owner-freebsd-questions@freebsd.org
>> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of
>> Jonathan T. Sage
>> Sent: Tuesday, August 17, 2004 8:51 PM
>> To: Eric Crist
>> Cc: freebsd-questions@freebsd.org
>> Subject: Re: [OT] VPN issues with some windows users...
>>
>>
>>
>>
>> Eric Crist wrote:
>>
>> > Hello all,
>> >
>> > I'm sorry this is a bit off-topic, but you're the only truly
>> > knowledgeable group I know. ;)  Some fellow users and I have been
>> > having some issues connecting to a Cisco VPN system with the built-in
>> > Windows VPN software.  While successfully connected to the internet
>> > (at home, for example), I connect to the remote VPN.  Instantly, my
>> > internet connectivity seems to be lost, but I can use the VPN
>> > perfectly fine.  As soon as I disconnect, my internet connectivity is
>> > completely restored. I have a second VPN I connect to using V-One's
>> > SmartPass software, and I have no issues (i.e. everything works
>> > perfectly, including my 'net connection).
>> >
>> > Anyone have any ideas?
>>
>> probably (although not definitely) is related to a misconfigured router
>> on the cisco VPN not allowing internet traffic out.  this might be
>> intentional too.  I run a very small vpn, and in order to keep
>> connection times down (my user base is um....  well then) i have
>> configured to not allow any traffic other than directly to the machine
>> that hosts the vpn.
>>
>> dunno if this helps much, but might give you a starting point.
>
> Jonathan,
>
> Thanks for the quick reply.  I'm not trying to access the internet
> through this VPN, I want to access the internet through my own internet
> connection, and have only the VPN traffic try to use the VPN tunnel.
> The SmartPass VPN connection resides just fine without interfering with
> my connection.  This is what I'm hoping for.
>
> Does this make sense?
>
> Thanks,
>
>
>
> Eric F Crist
> Best Access Systems
> 11300 Rupp Dr. Burnsville, MN 55337
> Phone: 952.894.3830
> Cell: 612.998.3588
> Fax: 952-894-1990
>
>

When I was using the Cisco VPN client to connect to our router as a 
terminator back in the olden days, there was an option for the security 
policy within the client software to totally disable access to 
non-secure networks while the client was active. I can't see Cisco 
changing that as time progressed.

There's also a couple of things to consider when working with the 
built-in VPN software for Win2k and WinXP. Windows, when connected via 
built-in VPN, will connect with the remote network and provide a metric 
of 1 for that route and it will also be flagged as a default gateway 
(remote network of 0.0.0.0); it becomes your best, lowest metric, route 
to the world by design. I would say that one of your VPN connections is 
configured to allow your traffic to pass through it to the net whereas 
one is not. Since my remote VPN users need access to medical web sites 
due to the nature of their specific jobs, I have to provide them a 
method of either adjusting the metric on their individual systems or 
configure to allow their web traffic to proceed as required. To me, it's 
easier for me to allow their traffic and filter it heavily than to allow 
remote users in other states administrative control over their network 
settings.

--

Micheal Patterson
TSG Network Administration
405-917-0600

Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message. 
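
The route selection described in the message above, as an added example that is not part of the original e-mail: it models a routing table as longest-prefix match with lowest metric as tie-break and compares a VPN that installs a metric-1 default route with one that installs only the remote subnet. All addresses, interface names and metrics are constructed, and the function names are hypothetical.

```python
import ipaddress

def select_route(table, dst):
    """Pick the route for dst: longest prefix first, lowest metric as tie-break."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r["dest"])]
    if not matches:
        return None
    return min(matches, key=lambda r: (-ipaddress.ip_network(r["dest"]).prefixlen,
                                       r["metric"]))

def egress(table, dst):
    """Name of the interface that traffic to dst leaves on, or None."""
    route = select_route(table, dst)
    return route["iface"] if route else None

def default_route_owner(table):
    """Interface holding the winning (lowest-metric) 0.0.0.0/0 route, or None."""
    defaults = [r for r in table if r["dest"] == "0.0.0.0/0"]
    return min(defaults, key=lambda r: r["metric"])["iface"] if defaults else None

# Constructed sample tables (not taken from the thread).
HOME = [
    {"dest": "0.0.0.0/0", "gw": "192.168.1.1", "iface": "lan", "metric": 20},
    {"dest": "192.168.1.0/24", "gw": "on-link", "iface": "lan", "metric": 20},
]
VPN_NET = {"dest": "10.8.0.0/24", "gw": "on-link", "iface": "vpn", "metric": 1}
VPN_DEFAULT = {"dest": "0.0.0.0/0", "gw": "10.8.0.1", "iface": "vpn", "metric": 1}

# VPN flagged as default gateway: it adds its own 0.0.0.0/0 at metric 1.
FULL_TUNNEL = HOME + [VPN_NET, VPN_DEFAULT]
# VPN that only adds the remote network: the home default route is untouched.
SPLIT_TUNNEL = HOME + [VPN_NET]

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, "tunnel: default route via", default_route_owner(table))
        for dst in ("198.51.100.7", "10.8.0.5", "192.168.1.50"):
            print("   ", dst, "->", egress(table, dst))
```

With the full-tunnel table, internet-bound traffic leaves via the VPN interface, so connectivity depends on whether the remote end forwards it; the local /24 still wins for LAN hosts because its prefix is longer.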


