Using Internet Explorer with VPN


lid3qe9
04-07-2004, 08:16 PM
I am using VPN to get into my company's network. VPN connects fine, but I can't use IE after the VPN connection has been made. I think the problem is within IE because I can ping my company's intranet site; IE just won't take me there. IE doesn't work for any other websites either. I've also done an ipconfig /all before and after the VPN connection has been made. This shows that the DNS server IP addresses are switching properly. Any ideas on what settings to check? Thanks!

juniper
04-09-2004, 06:06 PM
If your VPN and internet come in on the same interface (on the VPN device, probably a PIX) then it will not work, as a PIX or most VPN routers/devices will not pass traffic that came in that interface back out of it. Hope this makes sense. It will pass it from the outside interface to the inside and vice versa, but not from the outside and back out the outside. You would actually need three interfaces: one for outside internet, one for outside VPN connections and one for the internal network; that way it could pass from the VPN interface to inside and also outside. You could also put a proxy server in on the internal LAN that will make the HTTP requests on your behalf.

juniper
04-10-2004, 10:32 AM
Forgot to mention: if you want to access the internet through your connection as well as be connected to the VPN, this is called split-tunneling and is disabled by default as a security measure. Talk to whoever does the VPN and see if they will enable this. It's doubtful though, as basically it will create a sort of router into the corporate LAN.

lid3qe9
04-10-2004, 09:47 PM
Thanks Juniper. This sort of makes sense to me, maybe I should clarify my situation a little bit better. My original internet connection is through an independent cable company (not associated with my company). When I do the ipconfig commands all results come back associated with addresses of my cable company.

I have a Cisco VPN client loaded on my PC that "dials" the IP address of my company's VPN server. After I authenticate and repeat the ipconfig commands, the associated addresses come back as my company's. At this point, I try to get onto the intranet at work and I can't. I can, however, ping the address from a command line, which is the reason I think IE is having issues.

There isn't really anything I think the admins at work need to do with their equip because there are plenty of people that can use IE as I am attempting to do (I've actually witnessed it). I thought maybe there were settings within IE that I needed to change or update? I know I have tons of updates put on, could one of those be getting in the way?

Any advice would be appreciated!!! Thanks!!

juniper
04-11-2004, 07:28 PM
Are the other people that can access via IE using the internal proxy server? Look at their dial-up configuration and see if it is set to go through a proxy. I think this is what is happening and your PC is not set for it (this is set in the dial-up config, not in IE itself), or you are in a different VPN group that has the DNS misconfigured. Try putting the IP address into IE and see if it gets there by IP instead of name. I am very familiar with Cisco VPN so I should be able to help ya on this.

lid3qe9
04-12-2004, 12:23 AM
Bingo! Putting the IP address of the intranet in as opposed to the name I can connect to internal intranet.

I still am not sure how to answer the other questions about the proxy server, though. The other people that have used this method are set up exactly as I was from the start. They have a cable modem (always-on LAN connection) and use the VPN client to connect. They didn't have to make any changes to their LAN config on their PC (I assume this is the same as dial-up as you reference it?). I don't think they are in a different VPN group, as I compared and we have the same IP address on the VPN client.

So what would my next step be to be able to refer the site by name instead of ip? Sorry for not understanding the proxy server, but this is something that I would be "talking" to on my corporate network, or in this case not talking to? I looked thru the different settings under "Network Connections" and "Internet properties" but it's just not jumping out at me. Does RPC, DHCP play into this? I did see the Proxy server setting under "Internet Options/Lan settings" but it said those settings didn't apply to VPN or dial-up.

Anyway, at least I can get to the intranet now... THANKS. Any help further than this would be great, but at least I have a workaround!

juniper
04-12-2004, 01:53 PM
If you got there using the IP address instead of the name, then there is a DNS issue. You could just add an entry to your host file with name to IP address; this would fix the problem. I would do a ping of the name and make sure that the correct IP address is resolved. This sounds quite odd.

Nachopapa
04-15-2004, 01:15 PM
I would go to:

Internet Properties > Connections Tab > LAN settings button

If there is a check next to "Use a proxy server for your LAN...", then click on the Advanced button.

In the Exceptions field at the bottom of the next window that pops up, you need to put in all of your company's network octets that are used for intranet usage.

Example: if your company uses - 10.X.X.X, 150.X.X.X, 192.X.X.X
Your company's domain name, like www.yourcompany.com

Then in the exceptions field you would put something like: 10.*;150.*;192.*;*.yourcompany.com

The * represents anything that could possibly be put in. This asterisk is important.

Easiest way I could think of is to compare your PC with your coworker's PC (that is also using broadband) and have them read to you what exceptions are in theirs and enter them into yours.

At this point, you should be able to access everything on your intranet site by name and still be able to use the internet at the same time using the existing connection you have through your broadband service. Only problem is that if any internet site you are trying to view matches your predefined exceptions, your browser will try to find it in your company's intranet site.

Hope that makes sense.
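The caveat in the post above, that an Internet site matching an exception is treated like an intranet one, can be checked before pasting a list in. The sketch below is an added example, not part of the original thread: it assumes a simplified model in which each exception is a case-insensitive wildcard match against the host as typed in the URL, and all function names are hypothetical.

```python
import ipaddress
import re

# RFC 1918 private ranges; an IP pattern wholly inside one cannot match a public address.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_exceptions(field):
    """Split the semicolon-separated Exceptions field into lowercase patterns."""
    return [p.strip().lower() for p in field.split(";") if p.strip()]

def matching_exception(host, patterns):
    """Return the first pattern matching the host as typed in the URL, else None."""
    host = host.lower()
    for pat in patterns:
        # '*' stands for any run of characters; everything else is literal.
        regex = ".*".join(re.escape(part) for part in pat.split("*"))
        if re.fullmatch(regex, host):
            return pat
    return None

def octet_prefix_network(pattern):
    """Map an octet-prefix pattern such as '192.*' to the network it covers."""
    m = re.fullmatch(r"((?:\d{1,3}\.){1,3})\*", pattern)
    if not m:
        return None  # not an IP-style pattern (for example a domain wildcard)
    octets = m.group(1).rstrip(".").split(".")
    if any(int(o) > 255 for o in octets):
        return None
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/" + str(8 * len(octets)))

def overbroad_patterns(patterns):
    """List IP patterns that also cover publicly routable addresses."""
    flagged = []
    for pat in patterns:
        net = octet_prefix_network(pat)
        if net is not None and not any(net.subnet_of(p) for p in PRIVATE_NETS):
            flagged.append(pat)
    return flagged

EXCEPTIONS = "10.*;150.*;192.*;*.yourcompany.com"  # the string from the post
PATTERNS = parse_exceptions(EXCEPTIONS)

if __name__ == "__main__":
    # Constructed hosts; 192.0.2.10 is a documentation address, not an intranet one.
    for host in ("10.1.2.3", "192.168.5.9", "192.0.2.10",
                 "portal.yourcompany.com", "www.example.org"):
        print(host, "->", matching_exception(host, PATTERNS) or "via proxy")
    print("over-broad:", overbroad_patterns(PATTERNS))
```

Narrowing `192.*` to `192.168.*` keeps the intranet range covered while no longer matching public 192.x.x.x addresses.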

juniper
04-15-2004, 06:03 PM
If it was a proxy issue as nachopapa explained, he would not have gotten there by using the IP address in IE; it would have come up blank also. That field is for bypassing the proxy for certain domains/IP addresses, which if that was the case he would not get there by IP either since it was not listed in the first place. Sounds to me he is using an external DNS server that will not resolve internal names or something of that sort.
Also nachopapa, if you have a proxy set you are using the proxy for internet also, through the VPN and out the corporate internet pipe, not straight out your broadband. If you are going to the internet through the broadband at home at the same time you are connected to the VPN, that is called split-tunneling and is a very bad security risk, and that ability is disabled by default with Cisco PIX as well as with the Cisco VPN concentrator.

Nachopapa
04-16-2004, 11:13 AM
I agree on the PIX firewall point about split tunneling. But that would not be the case due to other users being able to browse the internet as stated above:

04-12-2004 <<<The other people that have used this method are set up exactly as I was from the start. They have a cable modem, (always on lan connection) and use the vpn client to connect.>>>

I would ask if the ISP being used came over and made modifications to your PC/laptop when you first ordered the broadband service. If so, then some further configuration needs to be made to your IE. Especially if there is a proxy server (owned by local ISP) between you and the internet. In that aspect, the DNS issue could probably mean that the ISP's DNS servers are trying to be used instead of the company's DNS while you are authenticated. I suppose that is why you cannot resolve names to IP "while" authenticated via VPN client. The connection to your company is there, but the exclusion of your ISP settings are not present.

Go back and dial up again and see if everything works fine there to ensure that your company's network side is isolated from your problem. See if you can access your resources by name. If everything goes well on your dial up session, then that means the problem is happening before getting to the company's network.

Anyways, that's how I am viewing what is going on. Hope that makes sense.

Nachopapa
04-16-2004, 01:48 PM
Not to get deep into technical terms and stuff. Here is a link on a question/answer style format about the Cisco VPN client that you might be using. To put security issues a little more at peace about split tunneling. It's the 6th question from the top.

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_qanda_item09186a008017dbed.shtml

juniper
04-16-2004, 07:27 PM
I have no idea what your point is hehe. If you have split tunneling enabled and someone has connected to your PC through the internet, then they have full use of your VPN into your corporate network no matter what version client you are using. This is why it is disabled (so no one can remote connect to your PC while connected to the VPN). Although on the Cisco VPN concentrator you can push down BlackICE Defender through the client, which will make split tunneling a little safer. However, in almost all Cisco VPN implementations it will be disabled for the standard user and only admin can split-tunnel (mostly for upgrade reasons). I am familiar with 1.0 (used for IOS firewall VPNs), 3.0, 3.5, 3.6, 3.7 and 4.0. I still use 3.6.3 since 4 stopped letting you telnet to the outside interface of the PIX (must use SSH with the 4 client). I highly doubt he has split tunneling enabled, and if you connect and click on the VPN client and look at the general statistics it will say if it is enabled or not while you are connected; as well, you would see incrementing unencrypted packets in the details.

Nachopapa
04-19-2004, 04:44 PM
Without getting too deep in the technical part or determine if his company has basic security measures taken care of, I was trying to find out where the problem lies before troubleshooting the connectivity issue in a spot that isn't part of the problem. I wouldn't troubleshoot my server first if the problem was in my NIC card because the almighty network admins should have their network solid...you know?

Looks like the original way of connecting was through directly dialing up to the company and authenticate using Cisco VPN client. If that works and you can access resources by name instead of IP, then that would mean that the company's network isn't the problem.

lid3qe9, since your new broadband service was brought into the picture, are you still able to use your dial up if you choose to? Can you use the internet normally? See if you can still dial up to your network and access everything like normal. Use names instead of IP to access your resources. That way you know your company's network is OK and that any changes made to your PC/laptop that your cable company may have made doesn't affect that option of connecting/authenticating.

Next try using the broadband service to access the internet. See what you have. If that works, then the problem lies in the relationship between your ISP and your company's intranet. If you say that other users are set up exactly the same way, then all you can really do is compare what settings you have to theirs. Check your IE config AND your VPN client config. Anything related to options/settings/proxy/gateway/etc...something on that lines.

Other than that, talk to your network admin and see if there is some sort of filter applied to your account for some reason.