VPN Connects but no remote LAN access

 Onkon -

This just started happening about two weeks ago. I connect to a client site using Microsoft VPN client (pptp). THis has worked for well over a year until two weeks ago. Now when I try and connect I establish a tunnel but cannot access resources on the remote LAN whether by IP address or UNC, hostname, etc. After about 30 to 60 seconds the tunnel disconnects without error or notification. I have this problem on 3 of my office PCs and also if I try this from my server.

Here's where it gets strange - I have two other PCs in my home office that are on the same LAN as my business machines and they CAN establish a VPN tunnel to my customer's office and ping all devices on the remote LAN! They have the same OS (Windows XP Pro SP3) as the machines that are not successful.

Normally I wouldn't care if I couldn't reach their network remotely as I have other means of connecting, but this client has remote users and the same problem I have has happened to one of their remote users. So now I have to figure it out. I'm not sure what other detail I need to provide. I'm wondering if a new Microsoft patch has had some affect or not.

Some things I have tried:
Removing the VPN connection and adding it again
Run a repair on the NIC
Flush DNS
firewalls are disabled on all machines
unchecked and removed tcpip from NIC. Reinstalled TCPIP.
Rebooted (of course)

6 replies

I had a similar issue... What I had to do was tell the connection to not use the remote gateway to connect through internet.

On the Windows machine :
  • go to the properties of the VPN connection.
  • Click on the Networking tab and double click Internet Protocol Version 4 (TCP/IPv4).
  • Click Advanced and uncheck the box for "Use default gateway on remote network."

This will route all of your local traffic through whatever network you're locally connected to, and any remote traffic through the VPN connection.

This also assumes that you're not trying to route your internet traffic through the VPN. If you leave this option set, then you will not be able to access any local network resources without manually specifiying routes to get to them. This is the default design of VPN :D.

I know this post is old, but I figured I'd put in what I discovered it to be, maybe it can help somebody down the road.
Thank you

A few words of thanks would be greatly appreciated. Add comment

CCM 2821 users have said thank you to us this month

dude. you rock. thanks so much for taking the time to post your experience. and thanks to the other solution posters as well. if cad's solution won't work for the other people on our network, i'll try some of the other methods.
cadbomb, do you know how to configure the following?

I connect to my company via. VPN but once connected I cannot access any other computers on my home network.

I do not have the ability to change any properties on the VPN connection.

My work PC has 2 NIC's and the computer I want to connect to has 1. They are both on the same hub.

Nice work! Did the trick for me.
Could connect to the vpn but not the servers on the network. Thought it was the router because on other wireless networks I could connect fine. This solution did the trick however. Thanks.
Thanks! Exactly the solutionI was looking for!
You are great you know that.... be happy
I had the same issue and did a google search. Came across this post and also other posts. The solution that worked for me was the following:

Do the following in the command prompt:

route delete xx.xx.xx.xx
where xx.xx.xx.xx is your LAN network id (usually xx.xx.xx.0)
i find on most computers I am using clearing the arp cache fixes 90% of connection problems to the internet. - apart from manually clearing the cache by using a command code or in services, I mainly use the connection repair - double click your connection, wireless or wired then the support tab at the top of that window and then repair. fixes 90% of internet connectivity problems. if repair does not work or fails use one of the commands to clear the arp-cache manually.
The reason your method worked is surely due to arp-cache!
The lack of connectivity is generally either vpn client configuration based, or the firewall on the local pc's that are unable to pass traffic would be the first thing I would check.

generally if a vpn client successfully connects, that means that handshake portion is over, a secure connection has been established (port 51) ... however data is unable to use this tunnel for some reason ergo port 500 is blocked or if that is not the case then the traffic is getting to the far end but not returning via the tunnel, (in this case that is not true, as 2 of the PC's are using the same configuration and most likely the same tunnel on the firewall (remote dialup clients) with traffic returning to them.

so back to basics:

1) check the client vpn configurations
a) make sure that the client is setup to "only connect manually" or has split horizon enabled.
2) check that the firewall has not blocked port 500 on the PC, if you are unable to view the blocked list, then
create an exception rule for ports 51 and ports 500 inbound and outbound.

hope this helps
I had the same problem with the Cisco client and after further invenstigation it turns out that the device you are connecting to can tell your PC that it is not allowed to talk to any other network, even the local one, while your VPN is active. This is a security feature that governments, military, and some companies reuqired. I had the administrator of the Cisco device change the settings so that I could access my local network at the same time at the VPN.

I hope this helps.
Registration date
Monday February 15, 2010
Last seen
February 15, 2010

I know that this isn't my problem ... used to be able to connect just fine when it was an XP machine ... since Win7 upgrade everything stopped working plus I can connect via VPN using by MAC so its not a security issue. I am guessing its a driver issue since I can use the same Cisco client via my Blackberry dongled to the machine.

Still looking ...