Join
the community
Sign-up
Ask a question Report

VPN Connects but no remote LAN access [Solved/Closed]

Redeemer - Latest answer on Jan 14, 2013 04:04AM
Hello,
This just started happening about two weeks ago. I connect to a client site using Microsoft VPN client (pptp). THis has worked for well over a year until two weeks ago. Now when I try and connect I establish a tunnel but cannot access resources on the remote LAN whether by IP address or UNC, hostname, etc. After about 30 to 60 seconds the tunnel disconnects without error or notification. I have this problem on 3 of my office PCs and also if I try this from my server.
Here's where it gets strange - I have two other PCs in my home office that are on the same LAN as my business machines and they CAN establish a VPN tunnel to my customer's office and ping all devices on the remote LAN! They have the same OS (Windows XP Pro SP3) as the machines that are not successful.
Normally I wouldn't care if I couldn't reach their network remotely as I have other means of connecting, but this client has remote users and the same problem I have has happened to one of their remote users. So now I have to figure it out. I'm not sure what other detail I need to provide. I'm wondering if a new Microsoft patch has had some affect or not.
Some things I have tried:
Removing the VPN connection and adding it again
Run a repair on the NIC
Flush DNS
firewalls are disabled on all machines
unchecked and removed tcpip from NIC. Reinstalled TCPIP.
Rebooted (of course)
Read more 
More
34 answers
Answer
+112
moins plus
cadbomb Jan 4, 2010 03:33PM
I had a similar issue... What I had to do was tell the connection to not use the remote gateway to connect through internet. On the XP machine (works on Vista and 7 also) go to the properties of the VPN connection. Click on the Networking tab and double click Internet Protocol Version 4 (TCP/IPv4). Click Advanced and uncheck the box for "Use default gateway on remote network." This will route all of your local traffic through whatever network you're locally connected to, and any remote traffic through the VPN connection. This also assumes that you're not trying to route your internet traffic through the VPN. If you leave this option set, then you will not be able to access any local network resources without manually specifiying routes to get to them. This is the default design of VPN :D. I know this post is old, but I figured I'd put in what I discovered it to be, maybe it can help somebody down the road.
VPNbum - Jan 6, 2010 01:47PM
Cadbomb,

How do you get to these settings if you don't actually have a VPN connection configured? I am using a Cisco VPN connection and am able to VPN when I am connected to my land line connection at home. But when I disconnect and go wireless, I have the same problem that everyone has mentioned here. My LAN connection doesn't have the same Advanced options as you mention.

Thanks.
CAKeeler - Feb 15, 2010 07:48AM
I have the same problem and I connect to the VPN but cannot route traffic or see any remote resources ... the attribute you suggest to change on the VPN connection doesn't exist for me. Any other ideas?
Jack - Apr 30, 2010 12:40PM
Any idea how to make these exact same changes on MacOSX?
randomDrops - May 6, 2010 03:52PM
no idea for mac. for the VPN connection you should be changing the VPN connections properties. not your network properties ! especially if they were working - and you could "surf the net"...
ps i had this same issue on 2 computers, cadbomb's solution for the gateway fixed this one, and the other one will be when i get to take another look at it.
Cadbomb - May 20, 2010 10:13AM
Delayed response, I forgot I even posted this in here, but for Cisco you need to go to the properties of the VPN profile you connect to and click the Transport tab. The check the Allow Local LAN Access box. Does the same thing as the option before. As far as for Mac, I'm not too familiar, but there should probably be an option similar somewhere in the ip settings.
Mindy - Jun 15, 2010 07:10PM
Thank you so much for posting this answer. I have been looking for a way to access the internet while I was connected to my office computer and this solution was perfect.
Arun Kumar Arjunan - Jun 17, 2010 07:10AM
Great!! That really helped me a lot...
office lackey - Jul 14, 2010 11:01PM
dude. you rock. thanks so much for taking the time to post your experience. and thanks to the other solution posters as well. if cad's solution won't work for the other people on our network, i'll try some of the other methods.
tmack - Jul 17, 2010 10:38PM
cadbomb, do you know how to configure the following?

I connect to my company via. VPN but once connected I cannot access any other computers on my home network.

I do not have the ability to change any properties on the VPN connection.

My work PC has 2 NIC's and the computer I want to connect to has 1. They are both on the same hub.

Thanks,
jjseeker - Jul 21, 2010 03:50PM
Nice work! Did the trick for me.
Could connect to the vpn but not the servers on the network. Thought it was the router because on other wireless networks I could connect fine. This solution did the trick however. Thanks.
Answer
+10
moins plus
MoonMan Sep 8, 2009 08:13PM
I had the same issue and did a google search. Came across this post and also other posts. The solution that worked for me was the following:

Do the following in the command prompt:

route delete xx.xx.xx.xx where xx.xx.xx.xx is your LAN network id (usually xx.xx.xx.0)
Answer
+8
moins plus
MBiehn Aug 28, 2009 08:54AM
The truth is, most of posts are rather written in out-of-the-earth english but that's not a problem. The problem is, nobody came up with the solution to this issue....
Answer
+4
moins plus
jing Apr 13, 2009 09:04PM
I guess, what happen my laptop I just restore my laptop 2 days ago then I loss my internet connection i have a dsl cable, And I connected to my wireless it says it is connected but when i open my internet connection it wont connect i think it says local only, i am not good with this i did the diagnos turn off and on my wireless router but still not working
rizidude - May 13, 2009 04:32PM
i think you ISP has stopped your internet connection.
i think it still says connected but local only.
you may of not payed your internet bill.
notme - Jul 6, 2009 12:03PM
This site is full of morons that don't even know how to write English (or any language, really).
veggiehead - Jul 22, 2009 01:39PM
Well at least its not filled with unhelpful jerks like yourself.
notmeisanassnotme - Aug 18, 2009 03:08AM
You think you are such an expert in english, just read what you have written.
randomDrops - May 6, 2010 04:43PM
vista problems i have been unable to fix - vista makes the distinction between local and www connections, not xp.
Answer
+4
moins plus
pcmaximum Sep 23, 2009 07:56PM
The lack of connectivity is generally either vpn client configuration based, or the firewall on the local pc's that are unable to pass traffic would be the first thing i would check.

generally if a vpn client successfully connects, that means that handshake portion is over, a secure connection has been established (port 51) ... however data is unable to use this tunnel for some reason ergo port 500 is blocked or if that is not the case then the traffic is getting to the far end but not returning via the tunnel, (in this case that is not true, as 2 of the PC's are using the same configuration and most likely the same tunnel on the firewall (remote dialup clients) with traffic returning to them.

so back to basics:

1) check the client vpn configurations
a) make sure that the client is setup to "only connect manually" or has split horizon enabled.
2) check that the firewall has not blocked port 500 on the PC, if you are unable to view the blocked list, then
create an exception rule for ports 51 and ports 500 inbound and outbound.

hope this helps
Answer
+4
moins plus
pcmaximum Sep 23, 2009 08:01PM
woops sorry answered the wrong question, well sort of .. wrong protocol pptp uses 1723 and uses GRE 47 for the tunnel, port 50, 51 and 500 are used for IPSEC tunnels such as juniper networks and checkpoint.

sorry for the confusing, i had too many windows opened researching other and got them mixed up.

the basic premise is still correct just check for the right ports for your protocol :)
randomDrops - May 6, 2010 04:07PM
should not need to open any more ports if vpn is handshaking, and shows connection as connected.
as "vpn"ing has bypassed most firewall protections for the tunnelling connection.
Answer
+3
moins plus
deane 7Posts Wednesday December 17, 2008Registration date Feb 11, 2009 12:45AM
hi,
it may be that you have a worm which is causing this trouble.
try running an updated anti-virus.
or you may check out this link as well:
http://en.kioskea.net/contents/pratique/vpn xp.php3
Redeemer - Feb 11, 2009 09:14AM
I understand how to setup a VPN connection and like I said, it had been working successfully for well over a year. I appreciate the link, but that was not necessary.

I did resolve the problem but was wondering if anybody knows why my steps resolved the problem because for the life of me I don't know why this worked because it was just plain luck that I figured it out.

I have 5 office computers all running Windows XP Pro SP3. THey are all on my home office network - same subnet. They have an identical VPN configuration to one of my customers. I will refer to them as A, B, C, D and E.

A, B and C can connect to my client using VPN but cannot ping anything on the remote network. Once the connection is made these computers can't access anything on the local lan either. D and E can connect to the remote network and can ping the router and other resources on both the local and remote LAN.

The fix:
I wanted to compare the routing table of a successful and non successful connection so I was on computer A and remoted in to computer E using remote desktop. While remoted in I successfully connected to my customer using VPN. I minimized that window and then remotely accessed computer B from computer A. I then fired up a VPN connection and low and behold I was able to ping and access resources on the remote network. I couldn't believe it. I disconnected both remote desktop sessions and logged on at the console of B. I then established a VPN to my customer successfully. Computer B seemed to be "fixed". To make sure that nothing changed on the customer's end I went back to computer A and tried to make a VPN connection. I made the connection to the customer but could not ping or access resources on the remote LAN. So, I still had the problem with A and C.

I then did a remote desktop session from computer B to A and while on A established my VPN session to my customer and then everything was fixed on A. I did the same to C and now that one works as well.

Does anybody have a clue as to why this worked? Was there an easier way?
Tripping - Apr 1, 2009 05:01PM
I m having same problem

What do mean by u fired up VPN ?
Redeemer - Apr 13, 2009 10:58AM
By "fire up" I meant start or establish my vpn connection. Sorry for the confusion.
Answer
+3
moins plus
BK Dec 4, 2009 03:51AM
The reason your method worked is surely due to arp-cache!
Answer
+2
moins plus
CJ Feb 15, 2010 12:08PM
I had the same problem with the Cisco client and after further invenstigation it turns out that the device you are connecting to can tell your PC that it is not allowed to talk to any other network, even the local one, while your VPN is active. This is a security feature that governments, military, and some companies reuqired. I had the administrator of the Cisco device change the settings so that I could access my local network at the same time at the VPN.

I hope this helps.
CAKeeler 1Posts Monday February 15, 2010Registration date February 15, 2010Last seen - Feb 15, 2010 12:16PM
I know that this isn't my problem ... used to be able to connect just fine when it was an XP machine ... since Win7 upgrade everything stopped working plus I can connect via VPN using by MAC so its not a security issue. I am guessing its a driver issue since I can use the same Cisco client via my Blackberry dongled to the machine.

Still looking ...
Answer
+2
moins plus
randomDrops May 6, 2010 04:32PM
i find on most computers i am using clearing the arp cache fixes 90% of connection problems to the internet. - apart from manually clearing the cache by using a command code or in services, i mainly use the connection repair - double click your connection, wireless or wired then the support tab at the top of that window and then repair. fixes 90% of internet connectivity problems. if repair does not work or fails use one of the commands to clear the arp-cache manually.
Answer
+1
moins plus
randomDrops May 6, 2010 04:10PM
arp-cache worm. it's the only way this can go wrong. worms publisher: microsoft updates.
randomDrops - May 6, 2010 04:21PM
:)
Asgher Qambrani - Dec 13, 2012 07:06AM
@cadbomb: you can surely access your local resources after vpn connection but you'll lose your internet connectivity if the vpn connection is using local gateway. please correct me if i am wrong. Thanks
Answer
+0
moins plus
Lyterpol 1Posts Monday January 14, 2013Registration date January 14, 2013Last seen Jan 14, 2013 04:04AM
Check Internet. Check Firewall. Check Antivirus, Or still not solved. Visit: http://www.countriesvpn.com

See Ya
Ask a question
This document entitled « VPN Connects but no remote LAN access » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You can copy, modify copies of this page, under the conditions stipulated by the license, as this note appears clearly.
Register now

Not a member yet?

sign-up, it takes less than a minute and it's free!

Members get more answers than anonymous users.

Being a member gives you detailed monitoring of your requests.

Being a member gives you additional options.

Receive our newsletter

health.kioskea.net