3

I am currently running Windows 7 32bit. I have both the Cisco VPN client and the Shrew Soft VPN client, both work as expected. The only problem is that I lose connection with the internet so I cannot browse Google, etc.

Dennis Williamson
  • 62,149
  • 16
  • 116
  • 151
Nathan Fisher
  • 133
  • 1
  • 5
  • 1
    Are you the admin of the VPN or just the user? If you're just a user this may be how the admin decided to set up the VPN. But check your proxy settings and routing table. – 3dinfluence Dec 17 '09 at 22:38
  • Just the user. I am going from an ADSL connection with a billion 7404VGO router. – Nathan Fisher Dec 17 '09 at 22:43

5 Answers5

6

It is standard practice to route ALL of your traffic over a VPN connection while connected.

There is often a setting within the client to only send traffic destined for that particular network over the VPN connection, but this is called split-tunelling, and is considered a security risk. The problem is that an attacker could gain access to your computer over your regular connection (virus/backdoor/etc), and they would now have access to your corporate network via the VPN - effectively bypassing any security your corporate network has put in place.

Brent
  • 22,857
  • 19
  • 70
  • 102
5

The Cisco VPN Client has an option for "Split Tunneling".

This allows you to see your network and the connected VPN Network at the same time.

What sounds like is happening is when you connect to the VPN Host they do not have this option enabled, therefore you use their resources for everything. If you want to surf the web it would be off their connection, ISP, IP Addresses etc. If they have locked this down you would not be able to do so.

I had a similar problem where I could not see my network printer at home once I VPN'd in until split tunneling was enabled.

Gary Steven
  • 63
  • 3
3

This is a common configuration, as Home Boy and others have noted.

The best solution is to run your VPN session, and associated work, inside of a virtual machine (VMWare, Virtual Box, or whatever you choose) so that only that box's network is impacted.

Jon Lasser
  • 970
  • 5
  • 7
0

Looks like you are becoming part of the corporate network (or whatever network you are connecting thru vpn) and you might have to use their proxy in ur browser to be able to browse.

Home Boy
  • 62
  • 4
  • either that or your routes are messed up and it is trying to send everything via the VPN which ain't working out too well for you. – Keiran Holloway Dec 17 '09 at 22:38
  • Split tunneling isn't always allowed by the VPN. – 3dinfluence Dec 17 '09 at 22:40
  • That is correct. I am connecting to a corporate network from an ADSL connection at home. – Nathan Fisher Dec 17 '09 at 22:46
  • @3dinfluence. Split tunneling is an option is it? – Nathan Fisher Dec 17 '09 at 22:47
  • @Nathan Fisher: the spit tunneling policy is setup by the network admin in charge of the VPN endpoint. You can't control it on the client side. A lot of corporation do not enable split tunneling as a security measure. – Zypher Dec 17 '09 at 22:57
  • Some VPN solutions also provide you an option to connect using browser, instead of a VPN stand-alone client application. In such a split tunnel is established on the browser session only and you could continue to connect to other sites, internet apps... – Home Boy Dec 17 '09 at 23:40
0

run wireshark and listen on your nic. request a web page and see where the packets go.

dasko
  • 1,244
  • 1
  • 22
  • 30