No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FAQ-Why after windows 8 installed L2TP Client connect the LNS, the VPN users cannot visit the internet .

Publication Date:  2014-10-31 Views:  50 Downloads:  0
Issue Description
When windows8 installed L2TP VPN Client connect the VPN, the Computer can visit the LAN resources ,but don't have the internet service. 
Alarm Information
NONE



Handling Process
1. Tracert the public ip and find the first hop is the gateway for vpn which is configured on USG5300.
2. I  disconnect  the L2TP VPN  and find that the first hop is another segment  for the physical NIC .
Root Cause
By default ,when WINDOWS 8 users  connect the L2TP VPN ,Computer will set this VPN gateway as a default gateway ,That means ,when the l2tp vpn is connected ,all the internet service will go to firewall as its default  gateway,If firewall policy don't permit this segment ,the VPN user cannot access the internet .
Solution
We have two solutions on this issue since we are clear its root cause.


1. when the internet  traffic go to the firewall, we can configure the “NAT “ and “interzone policy” so that this VPN segment can go to internet .
2. cancel  the VPN gateway as a default gateway :
a. find the VPN and right click “properties” ,you will see the picture below ,click ”networking ”->IPV4(TCP/IPv4)


b. Click ”Properties”, you can see this window.


c. cancel the default selection of “use default gateway on remote network”,by default it is selected 。



This is the way to cancel the VPN gateway as default gateway ,but in this case ,the VPN user can only visit the LAN resources with same segment ,Please add static route  to different LAN segment in DOS window ,the command is “route add” and the next hop is VPN gateway.
Suggestions
Solution1 : we only need to configure the firewall ,but too much internet traffic will affect the performance of firewall.
Solution2 : we need to disable the default gateway and configure static route in PC one by one ,but this is good for firewall .
Please select a solution that is suitable to you .

END