VPN Ok. Internet Dead.

TheMSsForum.com: The Microsoft Software Forum

I have setup and configured a VPN to an offsite server
which works fine. However, when I connect the VPN, I lose
internet access. (Am running SBS2000 here). I saw a post
a while back about a setting to change to allow internet
access while connected to the VPN but I can't find it
again. As I recall, it was very simple (couple of clicks)
but damned if I can remember what it was!

Thanks!

Scott
Top

Re: VPN Ok. Internet Dead. by jimbehning

jimbehning
Sun Sep 28 20:19:30 CDT 2003

Do a google search in this newsgroup for default gateway. There are
security issues related to changing the checkbox. Default gateway is
found in the vpn connection properties. Remoter computers should be up
to date on all patches and AV definitons. Well they should be bedfore
you let them vpn in anyway. Some administrators insist that the remote
user computer have some sort of firewall installed before they can
vpn.

"Scott" <scott@cadyco.com> wrote:

>I have setup and configured a VPN to an offsite server
>which works fine. However, when I connect the VPN, I lose
>internet access. (Am running SBS2000 here). I saw a post
>a while back about a setting to change to allow internet
>access while connected to the VPN but I can't find it
>again. As I recall, it was very simple (couple of clicks)
>but damned if I can remember what it was!
>
>Thanks!
>
>Scott

Jim B. SBS MVP
Top

Re: VPN Ok. Internet Dead. by Merv

Merv
Sun Sep 28 20:19:17 CDT 2003

Name Resolution and Connectivity Issues on Windows 2000 Domain Controller
with Routing and Remote Access and DNS Installed
http://support.microsoft.com/?kbid=292822

If you have SBS SP1 or SP1a installed, you only need to do the regedits.

--
Merv Porter [SBS MVP]
===================================

"Scott" <scott@cadyco.com> wrote in message
news:09f901c38626$e20196a0$a301280a@phx.gbl...
> I have setup and configured a VPN to an offsite server
> which works fine. However, when I connect the VPN, I lose
> internet access. (Am running SBS2000 here). I saw a post
> a while back about a setting to change to allow internet
> access while connected to the VPN but I can't find it
> again. As I recall, it was very simple (couple of clicks)
> but damned if I can remember what it was!
>
> Thanks!
>
> Scott


Top

Re: VPN Ok. Internet Dead. by Merv

Merv
Sun Sep 28 20:25:14 CDT 2003

Sorry, I misread your post. I think Jim has your answer.


"Merv Porter" <mwport@hotmail.com> wrote in message
news:eX02geihDHA.2120@TK2MSFTNGP10.phx.gbl...
> Name Resolution and Connectivity Issues on Windows 2000 Domain Controller
> with Routing and Remote Access and DNS Installed
> http://support.microsoft.com/?kbid=292822
>
> If you have SBS SP1 or SP1a installed, you only need to do the regedits.
>
> --
> Merv Porter [SBS MVP]
> ===================================
>
> "Scott" <scott@cadyco.com> wrote in message
> news:09f901c38626$e20196a0$a301280a@phx.gbl...
> > I have setup and configured a VPN to an offsite server
> > which works fine. However, when I connect the VPN, I lose
> > internet access. (Am running SBS2000 here). I saw a post
> > a while back about a setting to change to allow internet
> > access while connected to the VPN but I can't find it
> > again. As I recall, it was very simple (couple of clicks)
> > but damned if I can remember what it was!
> >
> > Thanks!
> >
> > Scott
>
>


Top

Re: VPN Ok. Internet Dead. by Scott

Scott
Sun Sep 28 20:28:40 CDT 2003

So would it be more secure to not do the edits and live
with the problem? It is not a huge problem as I only
connect long enough to download a few files and then log
off.

>-----Original Message-----
>Name Resolution and Connectivity Issues on Windows 2000
Domain Controller
>with Routing and Remote Access and DNS Installed
>http://support.microsoft.com/?kbid=292822
>
>If you have SBS SP1 or SP1a installed, you only need to
do the regedits.
>
>--
>Merv Porter [SBS MVP]
>===================================
>
>"Scott" <scott@cadyco.com> wrote in message
>news:09f901c38626$e20196a0$a301280a@phx.gbl...
>> I have setup and configured a VPN to an offsite server
>> which works fine. However, when I connect the VPN, I
lose
>> internet access. (Am running SBS2000 here). I saw a
post
>> a while back about a setting to change to allow internet
>> access while connected to the VPN but I can't find it
>> again. As I recall, it was very simple (couple of
clicks)
>> but damned if I can remember what it was!
>>
>> Thanks!
>>
>> Scott
>
>
>.
>
Top

Re: VPN Ok. Internet Dead. by Susan

Susan
Sun Sep 28 21:10:14 CDT 2003

"Some administrators insist that the remote
user computer have some sort of firewall installed before they can
vpn."

IMHO every computer user these days should have a firewall installed.
But then again... I'm paranoid :-)

jimbehning@mindspring.com wrote:

> Do a google search in this newsgroup for default gateway. There are
> security issues related to changing the checkbox. Default gateway is
> found in the vpn connection properties. Remoter computers should be up
> to date on all patches and AV definitons. Well they should be bedfore
> you let them vpn in anyway. Some administrators insist that the remote
> user computer have some sort of firewall installed before they can
> vpn.
>
> "Scott" <scott@cadyco.com> wrote:
>
>
>>I have setup and configured a VPN to an offsite server
>>which works fine. However, when I connect the VPN, I lose
>>internet access. (Am running SBS2000 here). I saw a post
>>a while back about a setting to change to allow internet
>>access while connected to the VPN but I can't find it
>>again. As I recall, it was very simple (couple of clicks)
>>but damned if I can remember what it was!
>>
>>Thanks!
>>
>>Scott
>
>
> Jim B. SBS MVP

--
"Don't lose sight of security. Security is a state of being,
not a state of budget. He with the most firewalls still does
not win. Put down that honeypot and keep up to date on your patches.
Demand better security from vendors and hold them responsible.
Use what you have, and make sure you know how to use it properly
and effectively."
~Rain Forest Puppy
http://www.wiretrip.net/rfp/txt/evolution.txt

Top

Re: VPN Ok. Internet Dead. by Chad

Chad
Sun Sep 28 21:50:46 CDT 2003

Hi Scott -

If you are utilizing ISA at your location, then the security risk associated
with unchecking 'Use default gateway' is minimal, since you're behind ISA.
Changing this setting becomes much more of a security issue when we're
talking about roaming / home users where we often do not have control over
the remote PC.

--
Chad A Gross - SBS Rocks!

Lerman's Law of Technology: Any technical problem can be overcome
given enough time and money. Corollary: You are never given enough
time or money.



jimbehning@mindspring.com wrote:
> Do a google search in this newsgroup for default gateway. There are
> security issues related to changing the checkbox. Default gateway is
> found in the vpn connection properties. Remoter computers should be up
> to date on all patches and AV definitons. Well they should be bedfore
> you let them vpn in anyway. Some administrators insist that the remote
> user computer have some sort of firewall installed before they can
> vpn.
>
> "Scott" <scott@cadyco.com> wrote:
>
>> I have setup and configured a VPN to an offsite server
>> which works fine. However, when I connect the VPN, I lose
>> internet access. (Am running SBS2000 here). I saw a post
>> a while back about a setting to change to allow internet
>> access while connected to the VPN but I can't find it
>> again. As I recall, it was very simple (couple of clicks)
>> but damned if I can remember what it was!
>>
>> Thanks!
>>
>> Scott
>
> Jim B. SBS MVP


Top

Re: VPN Ok. Internet Dead. by Merv

Merv
Sun Sep 28 20:46:40 CDT 2003

Scott:

I misread your original post. The 292822 regedits fix a problem when remote
computers VPN into your SBS, your LAN clients subsequently lose Internet
access or name resolution. See Jim's response.

--
Merv Porter [SBS MVP]
===================================
"Scott" <scott@cadyco.com> wrote in message
news:0a7401c38629$03363090$a101280a@phx.gbl...
> So would it be more secure to not do the edits and live
> with the problem? It is not a huge problem as I only
> connect long enough to download a few files and then log
> off.
>
> >-----Original Message-----
> >Name Resolution and Connectivity Issues on Windows 2000
> Domain Controller
> >with Routing and Remote Access and DNS Installed
> >http://support.microsoft.com/?kbid=292822
> >
> >If you have SBS SP1 or SP1a installed, you only need to
> do the regedits.
> >
> >--
> >Merv Porter [SBS MVP]
> >===================================
> >
> >"Scott" <scott@cadyco.com> wrote in message
> >news:09f901c38626$e20196a0$a301280a@phx.gbl...
> >> I have setup and configured a VPN to an offsite server
> >> which works fine. However, when I connect the VPN, I
> lose
> >> internet access. (Am running SBS2000 here). I saw a
> post
> >> a while back about a setting to change to allow internet
> >> access while connected to the VPN but I can't find it
> >> again. As I recall, it was very simple (couple of
> clicks)
> >> but damned if I can remember what it was!
> >>
> >> Thanks!
> >>
> >> Scott
> >
> >
> >.
> >


Top

Re: VPN Ok. Internet Dead. by NetNathan

NetNathan
Mon Sep 29 13:44:31 CDT 2003

On the remote pc which is establishing vpn to the server, what is the risk
of un-checking "Use Default Gateway"?
Can this be better explained, beyond "security risk"?
Does it help if the remote pc is also behind a router and firewall?
-nn


"Chad A Gross" <chad.gross@laytonflower.nospam.com> wrote in message
news:ecmxNSjhDHA.1800@TK2MSFTNGP09.phx.gbl...
> Hi Scott -
>
> If you are utilizing ISA at your location, then the security risk
associated
> with unchecking 'Use default gateway' is minimal, since you're behind ISA.
> Changing this setting becomes much more of a security issue when we're
> talking about roaming / home users where we often do not have control over
> the remote PC.
>
> --
> Chad A Gross - SBS Rocks!
>
> Lerman's Law of Technology: Any technical problem can be overcome
> given enough time and money. Corollary: You are never given enough
> time or money.
>
>
>
> jimbehning@mindspring.com wrote:
> > Do a google search in this newsgroup for default gateway. There are
> > security issues related to changing the checkbox. Default gateway is
> > found in the vpn connection properties. Remoter computers should be up
> > to date on all patches and AV definitons. Well they should be bedfore
> > you let them vpn in anyway. Some administrators insist that the remote
> > user computer have some sort of firewall installed before they can
> > vpn.
> >
> > "Scott" <scott@cadyco.com> wrote:
> >
> >> I have setup and configured a VPN to an offsite server
> >> which works fine. However, when I connect the VPN, I lose
> >> internet access. (Am running SBS2000 here). I saw a post
> >> a while back about a setting to change to allow internet
> >> access while connected to the VPN but I can't find it
> >> again. As I recall, it was very simple (couple of clicks)
> >> but damned if I can remember what it was!
> >>
> >> Thanks!
> >>
> >> Scott
> >
> > Jim B. SBS MVP
>
>


Top

Re: VPN Ok. Internet Dead. by Chad

Chad
Mon Sep 29 16:30:53 CDT 2003

Hi Nathan -

Tom covers the subject pretty well:
http://www.isaserver.org/tutorials/VPN_Client_Security_Issues.html

--
Chad A Gross - SBS Rocks!

Lerman's Law of Technology: Any technical problem can be overcome
given enough time and money. Corollary: You are never given enough
time or money.



NetNathan wrote:
> On the remote pc which is establishing vpn to the server, what is the
> risk of un-checking "Use Default Gateway"?
> Can this be better explained, beyond "security risk"?
> Does it help if the remote pc is also behind a router and firewall?
> -nn
>
>
> "Chad A Gross" <chad.gross@laytonflower.nospam.com> wrote in message
> news:ecmxNSjhDHA.1800@TK2MSFTNGP09.phx.gbl...
>> Hi Scott -
>>
>> If you are utilizing ISA at your location, then the security risk
>> associated with unchecking 'Use default gateway' is minimal, since
>> you're behind ISA. Changing this setting becomes much more of a
>> security issue when we're talking about roaming / home users where
>> we often do not have control over the remote PC.
>>
>> --
>> Chad A Gross - SBS Rocks!
>>
>> Lerman's Law of Technology: Any technical problem can be overcome
>> given enough time and money. Corollary: You are never given enough
>> time or money.
>>
>>
>>
>> jimbehning@mindspring.com wrote:
>>> Do a google search in this newsgroup for default gateway. There are
>>> security issues related to changing the checkbox. Default gateway is
>>> found in the vpn connection properties. Remoter computers should be
>>> up to date on all patches and AV definitons. Well they should be
>>> bedfore you let them vpn in anyway. Some administrators insist that
>>> the remote user computer have some sort of firewall installed
>>> before they can
>>> vpn.
>>>
>>> "Scott" <scott@cadyco.com> wrote:
>>>
>>>> I have setup and configured a VPN to an offsite server
>>>> which works fine. However, when I connect the VPN, I lose
>>>> internet access. (Am running SBS2000 here). I saw a post
>>>> a while back about a setting to change to allow internet
>>>> access while connected to the VPN but I can't find it
>>>> again. As I recall, it was very simple (couple of clicks)
>>>> but damned if I can remember what it was!
>>>>
>>>> Thanks!
>>>>
>>>> Scott
>>>
>>> Jim B. SBS MVP


Top

Re: VPN Ok. Internet Dead. by jimbehning

jimbehning
Mon Sep 29 19:01:23 CDT 2003

Any server that does VPN should do the edits. Any connection even for
a few seconds can cause WINS problems.

"Scott" <scott@cadyco.com> wrote:

>So would it be more secure to not do the edits and live
>with the problem? It is not a huge problem as I only
>connect long enough to download a few files and then log
>off.
>
>>-----Original Message-----
>>Name Resolution and Connectivity Issues on Windows 2000
>Domain Controller
>>with Routing and Remote Access and DNS Installed
>>http://support.microsoft.com/?kbid=292822
>>
>>If you have SBS SP1 or SP1a installed, you only need to
>do the regedits.
>>
>>--
>>Merv Porter [SBS MVP]
>>===================================
>>
>>"Scott" <scott@cadyco.com> wrote in message
>>news:09f901c38626$e20196a0$a301280a@phx.gbl...
>>> I have setup and configured a VPN to an offsite server
>>> which works fine. However, when I connect the VPN, I
>lose
>>> internet access. (Am running SBS2000 here). I saw a
>post
>>> a while back about a setting to change to allow internet
>>> access while connected to the VPN but I can't find it
>>> again. As I recall, it was very simple (couple of
>clicks)
>>> but damned if I can remember what it was!
>>>
>>> Thanks!
>>>
>>> Scott
>>
>>
>>.
>>

Jim B. SBS MVP
Top