• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN to External

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> VPN to External Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN to External - 9.Jun.2009 7:39:15 AM   
create_share

 

Posts: 269
Joined: 4.May2005
Status: offline
Hi!

My internal users cannot use internet if they are connected through isa 2006 to a remote cisco vpn router. I disabled the default gateway on the vpn client connection and used isa as webproxy but still not working.


Thanks!
Post #: 1
RE: VPN to External - 9.Jun.2009 11:49:50 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
That has nothing to do with ISA.
That is within the behavor of the Cisco VPN Client.  By the nature of VPN,...once activated,...becomes the Default Gateway of the machine and over-rides the original Default Gateway.  So any traffic not destined for the local LAN is automatically passed through the VPN Client whether it is the right place to go or not.

Web Proxy Clients can typically use the ISA in spite of this because the redirection to the proxy happens at the Application Layer and so avoids the problem.  SecureNAT Clients are in big trouble.   Firewall Clients also use the Application Layer and would get around this, but unfortuneately the FWC is usually disabled to allow the Cisco VPN Client to function so you are back to being a SecureNAT Client.

The place to correct this (if it is possible to correct) is in the Cisco VPN Client itself. I believe the term you might be looking for is Split Tunneling,...you need to "split-tunnel" the traffic to get it to work right. I do not know if Cisco uses that terminology or not.

_____________________________

Phillip Windell

(in reply to create_share)
Post #: 2
RE: VPN to External - 9.Jun.2009 3:16:33 PM   
create_share

 

Posts: 269
Joined: 4.May2005
Status: offline
My users are using Windows VPN Connection to connect to Cisco 837 ADSL router and not Cisco VPN Client (if any i don't know).

Secondly, I have tested this without isa by connecting a pc directly to internet and to cisco router through windows vpn connection at the same time. I just disabled the default gateway on windows vpn connection and internet worked.

May be there is some configuration problem.

Thanks!

(in reply to pwindell)
Post #: 3
RE: VPN to External - 9.Jun.2009 3:26:37 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
In a "Windows" VPN Connection you have to disable the checkbox that says "use gateway on remote network".   Where that is actually located in the DUN entry varies with your version of Windows running on the Client.  The newer the verios of Windows,...the deeper they try to bury the setting seemingly behind dozens of mouse clicks.

If the VPN Client is not using DHCP,...then you can remove the Default Gateway Setting to produce a similar effect,...as you noticed.


_____________________________

Phillip Windell

(in reply to create_share)
Post #: 4
RE: VPN to External - 9.Jun.2009 3:47:59 PM   
create_share

 

Posts: 269
Joined: 4.May2005
Status: offline
It was only a matter of allowing "All Users" in Internet Access Rule Users Box and the internet started working. I don't know why it does not work if i add speficic users.

Thanks!

(in reply to pwindell)
Post #: 5
RE: VPN to External - 9.Jun.2009 3:55:21 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Then you have a problem with ISA's Domain Membership,..or ISA's DNS Settings,...or both at the same time.

_____________________________

Phillip Windell

(in reply to create_share)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> VPN to External Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts