VPN Access to Internet or Lack Thereof

By Starry997
Just want to know why what I did works. Have two sites linked via IPsec VPN using Secure Computing Routers. Works 1 has 192.168.1.x addresses and site 2 has 192.168.2.x addresses. The Routers also allow for PPTP VPN access which I use to access site 1 from home. Can only access network resources... Internet can't be accessed unless I use remote desktop on the Windows server and then access from there or if I uncheck remote gateway option on TCP/IP, which is only giving me local access to the Internet. Site 1 is a domain network and Site 2 is a simple workgroup network. Site 1 is on a cable ISP and site 2 is on a separate wireless ISP.

The cable ISP hosts our domain email. They will no longer allow our site 2 to send email to their smtp mail server as if he was sending from our domain. He can receive but not send. Thank you spammers.

So... I experimented with my work PC, disconnecting my PC from our network and using a dialup account and subsequent PPTP VPN connection to our site 1 network... and I could access the internet and do my email just as if I was connected directly to my network. Why did that work? Is it because my PC is a domain PC and that I had previously logged on before disconnecting? Like... maybe it thought I was back? I don't know.

So then I go to Site 2 and set him up to use PPTP VPN to access Site 1 and use that connection for email. And it worked there. He could access the Internet and do email just as if he were physically located on our network. While simultaneously hooked up via IPSEC, which also still worked just fine. Why did that work?

Why does my connection (direct DSL) from home not allow me connection to the Internet at the remote gateway?

All 3 PCs have the TCP/IP remote gateway option checked.


All Answers


Great question

by robo_dev In reply to VPN Access to Internet or ...

To clarify... your first experiment should work. If you connect with a VPN to site 1, and you're a valid domain user, that should work always.

Clarify the 'go to site2' scenario...

Is this a PC on the site2 network, and you establish a user-VPN connection over the internet to site1 while maintaining the site-to-site VPN connection? Yes, this should work. The Site-to-site VPN connection is just a secondary gateway for the site2 lan, which is perfectly normal.

The only issue in all this is what the default gateway is, if a valid route exists between devices, and if the appropriate protocols are allowed.

FYI, you can probably set up a static route in site2 to forward requests to the ISP SMTP server over the site-to-site VPN. You would probably have to also set up a static route in the site1 router to establish a route to the site2 LAN for the SMTP server replies.
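The routing behaviour discussed in this thread, modelled as an added example that is not part of either post: a route lookup (longest prefix first, then lowest metric) run over constructed tables for the PPTP client and the two routers. The SMTP address, interface names and metrics are assumptions; only the 192.168.1.x and 192.168.2.x ranges come from the thread.

```python
import ipaddress

# Constructed placeholder for the ISP's SMTP host (documentation range).
SMTP_SERVER = "203.0.113.25"

def next_hop(table, dst):
    """Pick the route for dst: most specific prefix wins, then lowest metric.
    table rows are (network, interface, metric). Returns None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), metric, via)
            for net, via, metric in table
            if addr in ipaddress.ip_network(net)]
    if not hits:
        return None
    return min(hits, key=lambda h: (-h[0].prefixlen, h[1]))[2]

# PPTP client with the remote gateway option checked: the tunnel installs a
# second default route with a lower metric, so all traffic enters the tunnel.
pptp_checked = [("0.0.0.0/0", "local-isp", 20),
                ("0.0.0.0/0", "pptp-to-site1", 1)]
# Option unchecked: only the site 1 LAN is reached through the tunnel.
pptp_unchecked = [("0.0.0.0/0", "local-isp", 20),
                  ("192.168.1.0/24", "pptp-to-site1", 1)]

# Site 2 router: the IPsec tunnel carries only the site 1 LAN range.
site2_router = [("0.0.0.0/0", "wireless-isp", 10),
                ("192.168.2.0/24", "lan", 1),
                ("192.168.1.0/24", "ipsec-to-site1", 1)]
# Host route for the SMTP server over the site-to-site VPN.
site2_router_fixed = site2_router + [(SMTP_SERVER + "/32", "ipsec-to-site1", 1)]

# Site 1 router, assumed here to have no route back to the site 2 LAN
# until the second static route is added.
site1_router = [("0.0.0.0/0", "cable-isp", 10),
                ("192.168.1.0/24", "lan", 1)]
site1_router_fixed = site1_router + [("192.168.2.0/24", "ipsec-to-site2", 1)]

if __name__ == "__main__":
    for name, table, dst in [
        ("PPTP, gateway checked", pptp_checked, SMTP_SERVER),
        ("PPTP, gateway unchecked", pptp_unchecked, SMTP_SERVER),
        ("site 2, before route", site2_router, SMTP_SERVER),
        ("site 2, after route", site2_router_fixed, SMTP_SERVER),
        ("site 1 reply, before route", site1_router, "192.168.2.10"),
        ("site 1 reply, after route", site1_router_fixed, "192.168.2.10"),
    ]:
        print(f"{name:28} {dst:15} -> {next_hop(table, dst)}")
```

Routing is only one of the three conditions named above: the lookup says which interface a packet leaves by, not whether the far side forwards it or permits the protocol.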
