VPN and Broadband.. Help!!!

[Camaro80z]

I am having a problem and I need help. My company has about 140 different users in the field that we must support. They all use microsoft outlook for email. With the issues of port 135 being closed by many ISP's, we had to set up a vpn for all of our users. The problem I am having is with the users on calbe or dsl with more than one machine. If they connect to the vpn, they are not able to use internet explorer. I have searched for answers on this and have not found a solution. Microsoft says that is by design and that there is no way around it. My boss is riding me saying that they are wrong. Does anyone know anything that could possibly help me? Does anyone else have the same problem?

[Ya_know]

Try this, I know it worked for me in the past. For the VPN connection, under the TCP/IP settings, Advanced button, under the general tab uncheck “use default gateway on remote network”.

That should allow the PC to continue using the ISP for Internet browsing, instead of the VPN, but still allow connection to the Network…

[Camaro80z]

Thank you very much. I will try this and see if it works.

[mhubbard]

Microsoft is part right as this is by design. When you surf the internet while connected to a VPN, it poses a security risk for your network. The way around this is to use split-tunneling which we just configured on our Nortel Contivity switch. Not sure what VPN you are using, but do some homework on that and see if it helps.

[silencio]

Muahahahahahahaha!! Thanks for the laughs!

[mattyx]

i am thinking its funny that microsoft made this by design....i doubt that the first poster thinks its very funny if the boss is riding his butt....

[Ya_know]

Muahahahahahahaha!! Thanks for the laughs!

Care to explain? That sort of response belongs in the lounge, it's inappropriate here in a help forum...

[Camaro80z]

I definatly want to thank Ya_Know, thanks for the fix. It worked! I had tried this with one user but I found out today she was doing the changes on her HOME machine, not her WORK machine. Oh well. Once again, thanks to all for your help. As to Silencio, this is all that I will say outside of the lounge. We all need help sometimes, what goes around comes around.

[silencio]

Care to explain? That sort of response belongs in the lounge, it's inappropriate here in a help forum...

Sure, I'll explain. First you have a company with 140 remote users sitting on the internet with port 135 (and probably all ports) wide open, then you come along and tell them to use split tunneling.

Maybe later you can advise them to change all their passwords to their usernames so they can remember them easier.

To me, this is very very funny. I could get all serious and complain about this kind of shoddy security being responsible for 90% of the icmp traffic flowing around the internet today but really, who cares?

[silencio]

I definatly want to thank Ya_Know, thanks for the fix. It worked! I had tried this with one user but I found out today she was doing the changes on her HOME machine, not her WORK machine. Oh well. Once again, thanks to all for your help. As to Silencio, this is all that I will say outside of the lounge. We all need help sometimes, what goes around comes around.

Camaro, based on the way your network security is setup you won't find enough answers in this forum to remedy your problems. I highly recommend bringing a security consultant in for an assessment. A bad firewall or no firewall is bad enough. When you add to that split-tunneling it's like dropping 140 bloody hooks into shark infested waters.

I know that I'm coming off as some kind of elitest but this thread reminds me sitting around as a bench tech talking about how dumb end users are.

I though ya_know had more common sense than this.

[Camaro80z]

I definately do agree with you, Silencio. There are definate issues with the securtiy with our field users. Unfortunately, I am not high enough in the food chain to do something about it. My job is just to make sure the field users are up and running, not network security. When I started here 6 months ago, that was one of the first things that was brought up. The response I got was " It has worked okay so far, there is no need to change it." Even with the setup that we are having to do now, I have been told form up high that "it is good enough". I was told as long as they can use their outlook and ie at the same time, that is all that matters. The higher up dumb things down to the users to the point that i get in trouble if instructions have to be sent out and I just put click instead of left click. Thanks for explaining that you were laughing at the setup and not at my diffuculty in finding a solution.


P.S. The passwords were set up that way when i got here! thinking about the holes makes me want to

[silencio]

Damn, I feel for ya Camaro. Sometimes the big wigs have to learn the hard way.