When a Windows 8 computer connects through the built-in L2TP VPN client, it can reach the LAN resources but has no internet access.
1. Tracert a public IP address: the first hop is the VPN gateway configured on the USG5300.
2. I disconnect the L2TP VPN and find that the first hop is now on another segment, the one of the physical NIC.
By default, when a Windows 8 user connects the L2TP VPN, the computer sets the VPN gateway as its default gateway. That means that once the L2TP VPN is connected, all internet traffic is sent to the firewall as the default gateway; if the firewall policy does not permit this address segment, the VPN user cannot access the internet.
Since the root cause is clear, there are two solutions to this issue.
1. Let the internet traffic go through the firewall: configure NAT and an interzone policy on the USG5300 so that the VPN address segment can reach the internet.
2. Stop using the VPN gateway as the default gateway:
a. Find the VPN connection, right-click it and choose "Properties"; in the window shown in the picture below, click "Networking" -> "Internet Protocol Version 4 (TCP/IPv4)".
b. Click "Properties" to open the window shown.
c. Clear the "Use default gateway on remote network" check box (it is selected by default).
This stops the VPN gateway from acting as the default gateway, but then the VPN user can only reach LAN resources in the same segment as the VPN address. For other LAN segments, add static routes from a Command Prompt (DOS window) with the "route add" command, using the VPN gateway as the next hop.
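The same two steps (clearing the "Use default gateway on remote network" option and adding routes for the other LAN segments) can be scripted so they do not have to be repeated by hand on every PC. This is an added PowerShell example, not part of the original post; the connection name, the LAN segments and the VPN gateway address are placeholders, and it assumes the VPN entry already exists with saved credentials.

```powershell
# Added example, not from the original post. Placeholders to replace:
# the VPN entry name, the LAN segments behind the USG5300 and the
# VPN gateway address seen as the first hop in tracert.
$VpnName    = "Office-L2TP"
$LanSubnets = @("192.168.10.0/24", "192.168.20.0/24")
$VpnGateway = "10.0.0.1"

# Step 2c: clear "Use default gateway on remote network".
# -SplitTunneling $true is the scripted form of unticking that box, so
# only explicitly routed prefixes use the tunnel and ordinary internet
# traffic keeps the physical NIC's gateway.
Set-VpnConnection -Name $VpnName -SplitTunneling $true

if (Get-Command Add-VpnConnectionRoute -ErrorAction SilentlyContinue) {
    # Windows 8.1 and later: store the routes on the connection itself so
    # they are installed automatically every time the tunnel comes up.
    foreach ($net in $LanSubnets) {
        Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $net
    }
    rasdial $VpnName
} else {
    # Windows 8: connect first, then add the routes by hand (the scripted
    # equivalent of "route add" with the VPN gateway as next hop). They
    # disappear with the PPP adapter, so this part runs after each connect.
    rasdial $VpnName
    foreach ($net in $LanSubnets) {
        New-NetRoute -DestinationPrefix $net -InterfaceAlias $VpnName -NextHop $VpnGateway
    }
}

# Check: only the LAN prefixes should be routed over the PPP adapter;
# 0.0.0.0/0 must not appear here, otherwise the VPN is still the default gateway.
Get-NetRoute -InterfaceAlias $VpnName -AddressFamily IPv4 |
    Format-Table DestinationPrefix, NextHop, RouteMetric
```

If the credentials are not saved, pass them to rasdial as `rasdial $VpnName <user> <password>`; on a PC that should be locked down, the routes are better deployed through the Windows 8.1 connection routes than by hand.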
Solution 1: only the firewall needs to be configured, but all the VPN users' internet traffic then passes through the firewall, which affects its performance.
Solution 2: the default gateway must be disabled and static routes configured on each PC one by one, but it keeps the load off the firewall.
Choose whichever solution suits your situation.